[TriLUG] [Semi-OT] iOS randomly hates my certificate
Sean Korb via TriLUG
trilug at trilug.org
Tue Aug 1 17:32:25 EDT 2023
The A record doesn't match the PTR record, and that rarely matters, but if
one of the relays doesn't like it (checks and rejects) and shows up
sometimes, that might drop a message. I'm wondering about this sort of
thing since encrypted DNS has some legs and that might become a best
practice in the future.
sean
On Tue, Aug 1, 2023, 15:27 Jack Hill via TriLUG <trilug at trilug.org> wrote:
> On Tue, 1 Aug 2023, Brian via TriLUG wrote:
>
> > Hi Gang,
> >
> > Tangentially related because my server is Debian! Seemingly randomly,
> > my iPhone (iPhone 7, iOS 15.7.7) complains that it can't verify the
> > identity of my mail server, undecidedgames.net. When I tap the button
> > for details and view the certificate, there's nothing wrong with it.
> > Not expired, no CN/SAN mismatch, etc., and 99 times in 100, the
> > transaction with the server works just fine with no SSL errors.
> >
> > (Okay, this actual time it was that the certificate expired like, 30
> > minutes ago...but it happens more often than that!)
> >
> > I'm wondering if anyone else in this group has encountered this issue
> > and understands a cause or knows a solution.
>
> Brian,
>
> Only happening sometimes is the weird part for me. Otherwise, I think you
> might be missing some intermediate cert (or have an old certificate chain;
> letsencrypt updated it at some point when the root certificate they used
> expired). I can reproduce it locally with webkit/libsoup browsers on Linux
> that use the system's trust store. I think Chromium and Firefox had
> additional trusted certs that are farther down the chain. At any rate, if
> that's it, I would expect problems all the time, not intermittently.
>
> Oh, I see now you were asking about your mail server. I only looked at
> your https certificate. Maybe the same applied?
>
> Best,
> Jack
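The check Sean describes a relay making (the PTR name of the connecting address has to resolve back to that same address) can be sketched as follows. This is an added example, not part of the original thread; the function names, host names and documentation-range addresses are constructed assumptions, and relays differ in what they do with the verdict.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup via the system resolver (default; the demo below does not use it)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA lookup via the system resolver."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Forward-confirmed reverse DNS: returns (verdict, confirmed_names),
    where verdict is 'pass', 'no-ptr' or 'mismatch'."""
    client = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(client))]
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        forward = set()
        for addr in addr_lookup(name):
            try:
                forward.add(ipaddress.ip_address(addr))  # normalises IPv6 spelling
            except ValueError:
                continue  # skip anything that is not a plain address
        if client in forward:
            confirmed.append(name)
    return ("pass" if confirmed else "mismatch"), confirmed

# Constructed zone data: one matching host, one PTR that points elsewhere, one IPv6 host.
PTR = {"192.0.2.10": ["mail.example.net."], "192.0.2.20": ["host20.isp.example."],
       "2001:db8::25": ["MX.example.net"]}
FWD = {"mail.example.net": ["192.0.2.10"], "host20.isp.example": ["192.0.2.99"],
       "mx.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0025"]}

def demo(ip):
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "2001:db8::25", "192.0.2.77"):
        print(ip, demo(ip))
```

Calling `fcrdns()` with only an address uses the system resolver, which lets you run the same check against your own server's outbound IP.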