Received: from out0.migadu.com (out0.migadu.com [94.23.1.103])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 23FFA781055
	for <~alpine/users@lists.alpinelinux.org>; Sat,  4 Jun 2022 13:39:53 +0000 (UTC)
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ayaya.dev; s=key1;
	t=1654349991;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=f7VbDuTauv0F+fCgqz02dvVB/kq4RuSKW0WVLtZjzTU=;
	b=Yh9BfaIpQw3WgGlyqYeXQDuu+peXF1lyUj8NRWo2e5w6AlmzLi6ftTH0PT8yRUdsc3WZ4D
	QcxpUr12lzw9zC8+Oxw3memHLJApicIXWuh5INwciq4ivNsWo615scot0as7nx1GrX0UED
	qBdxuivqITDV/ALOjEtliRkazTBjNb8=
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
Date: Sat, 04 Jun 2022 15:39:50 +0200
Message-Id: <CKHE4LOPEXLP.TF1JE6YCORR2@sumire>
Cc: 
Subject: Re: Mail SSL on alpine linux
X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers.
From: "alice" <alice@ayaya.dev>
To: =?utf-8?q?Bosco_Vallejo-N=C3=A1gera?= <bosco@vallejonagera.xyz>,
 <~alpine/users@lists.alpinelinux.org>
References: <CKH7UOGY6G5S.1MCYMKG4UNLI3@MacBook-Pro-de-Bosco.local>
In-Reply-To: <CKH7UOGY6G5S.1MCYMKG4UNLI3@MacBook-Pro-de-Bosco.local>
X-Migadu-Flow: FLOW_OUT
X-Migadu-Auth-User: ayaya.dev

On Sat Jun 4, 2022 at 10:44 AM CEST, Bosco Vallejo-N=C3=A1gera wrote:
> I've been meaning to use the aerc mail client on alpine linux, I
> currently have two alpine machines, a thinkpad running the latest alpine
> linux and a pinephone running postmarket os.
> In both of those machines, I try to use my working mail configuration
> for my personal email server, the one I'm sending this email from, which
> has an SSL certificate uploaded to Let's Encrypt, but it doesn't work in
> either of them.
> I try running update-ca-certificates with root privileges and get the
> following message:
>     WARNING: ca-certificates.crt does not contain exactly one
>     certificate or CRL: skipping
this is just an unrelated warning and doesn't really mean anything
> Has anyone had to troubleshoot through something similar?

the server has to send a full chain for it to be valid- you can try
debugging with something like:

openssl s_client -showcerts -starttls smtp -connect yourserver:587

(or whatever port it's really on)

that should print you the chain (and openssl will also try 'validate' it
and say what's wrong). from there, you should see a valid certificate,
and the entire fullchain. if not, the server is misconfigured.