No path found from the leaf certificate to any root

I am trying to setup gmail to poll for email from my iRedMail server. Accessing mail from roundcube is fine.

I am running Debian 10 nginx

As I have done many times in the past, 'Add a mail account' in gmail.

port 995, always use secure

I get:

There was a problem connecting to mail.myallysrv.us Server returned error: "SSL error: No path found from the leaf certificate to any root. Maybe an intermediate certificate is missing?"

sslchecker.com reports all four certs present for both mail.myallysrv.us and myallysrv.us anchored to DST Root CA X3.

This is a new iRedMail server. I have never gotten this to work.

Answers 1

  • sslchecker.com reports all four certs present for both mail.myallysrv.us and myallysrv.us anchored to DST Root CA X3.

    You're having problems connecting to the server on port 995 – but you've only tested port 443.

    There's a different service listening on each port, with its own TLS configuration, its own certificates, and its own "SSL checker" test results. What you've configured in Nginx has no relationship to the POP3 service provided by iRedMail's Dovecot.

    So if you specify port 995 at sslchecker.com, you'll get these results which say that the POP3 TLS service actually sends a RapidSSL certificate (not a LetsEncrypt one), and that it does not include the intermediate issuer's certificate.


    Note: As you're using Linode, you should get a dedicated IPv6 /64 prefix assigned to your server and configure iRedMail's Postfix to send mail from that. The reason is that Linode's default "shared" /64 prefixes (at least at certain datacenters) seem to have – or at least seemed to have in 2019 – incredibly bad reputation at Gmail's anti-spam filters.


Related Questions