WebFaction
Community site: login faq

I've tried to use my webfaction email to set up an easycrypt account (https://easycrypt.co/) but I've run into problems. I've had some back-and-forth with their support folks and they fixed some bugs but in their last email to me they said the following:

As a result of your and other users' reports (for which we thank you) we have fixed a bug in the process of signup for private email servers. Please try again but please take notice: we do not support self-signed TLS certs at this time. So if you are using one, the signup will not work even after the correction of the aforementioned bug.

I'm confused by this because one of my webfaction sites does use a self-signed cert (from startssl) but I don't think this has anything to do with email, does it? Presumably they're talking about the TLS cert used by webfaction for email. Can someone shed any light on this?

When I tried again to create an EasyCrypt account after they fixed their bug, I get farther than I did before but it still fails. Presumably this is because of a self-signed cert that they warned about.

Edit

Since posting the above I reached out to easycrypt support again to ask about the particular cert they were having a problem with and received the following response:

If your email service provider saves a bit of money and uses a self-signed TLS certificate instead of using a TLS certificate signed by a trusted Certification Authority, EasyCrypt will not connect to your email account. According to our tests, this indeed was the case. If your service provider claims that it is using a cert from a trusted CA, please tell us which CA and send us the certificate, and we will investigate this further. Another possible cause could be that your email service provider required an application specific password for access to your account by external applications such as EasyCrypt. If this is the case, please get instructions for your provider, generate the app specific password and use it when you sign up for EasyCrypt instead of your usual email password.

asked 07 Apr, 00:24

tmciver's gravatar image

tmciver
237
accept rate: 0%

edited 08 Apr, 00:11

I'm not familiar with EasyCrypt. If you can find out the exact certificate that they're complaining about, and the exact part of their setup procedure that it affects, then we might be able to assist further.

(07 Apr, 18:21) seanf ♦♦ seanf's gravatar image

I've updated the question with another response from the easycrypt folks. I'm not sure if it's specific enough to help . . .

(10 Apr, 03:25) tmciver tmciver's gravatar image

We're not using any self-signed certificates in our email setup. We're using a cert issued by RapidSSL for SMTP, IMAP, and POP (see below), so I'm not sure where EasyCrypt is seeing a self-signed cert.

# POP + SSL
$ openssl s_client -connect mail.webfaction.com:995 -servername mail.webfaction.com 
CONNECTED(00000003)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/OU=GT32045455/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.webfaction.com
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIDB42NMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNTEwMTIxODI0MTNaFw0xNzEyMTMwODA4NDFaMIGUMRMw
EQYDVQQLEwpHVDMyMDQ1NDU1MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
bS9yZXNvdXJjZXMvY3BzIChjKTE1MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEZMBcGA1UEAwwQKi53ZWJmYWN0aW9uLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWsPQ58j8Z1Sj0rF6RH
uU0nO6ZptR43/Y0dJPEK94Xft+J2O/7S6lm7nr0GU5GZQWhcn8IYbhDABlYs06po
uXsklgsc4wQqFi+1DomY//dvfrZS31XuCHKSx+Z8/32y2IrOmKKLK1rpG61iXxyR
3jZv+CriU6/sCk89s0K0OIhTIXHAqQJPb1YfHJrgXXloxFt6GfNCQlaNe7ARIflA
39Oo1meElPGcyCdEmLEgpcgn/kEO1FTXDXNf/6aQ67uyXLd0vgZC2tSdPk4C6wTW
y3X+CqJXioAmRVkDEIdPf0vPxdlR8kfo+zKuZ1ISMc9LO1PINFt05IJNqOGDGg4h
oaUCAwEAAaOCAVgwggFUMB8GA1UdIwQYMBaAFMOc8/zTRgg0u85Gf6B8W/PiCMtZ
MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2d2LnN5bWNkLmNv
bTAmBggrBgEFBQcwAoYaaHR0cDovL2d2LnN5bWNiLmNvbS9ndi5jcnQwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjArBgNVHREE
JDAighAqLndlYmZhY3Rpb24uY29tgg53ZWJmYWN0aW9uLmNvbTArBgNVHR8EJDAi
MCCgHqAchhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNybDAMBgNVHRMBAf8EAjAA
MEEGA1UdIAQ6MDgwNgYGZ4EMAQIBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3
LnJhcGlkc3NsLmNvbS9sZWdhbDANBgkqhkiG9w0BAQsFAAOCAQEAlXfgTlmantFk
9y5NAzpdaPgj5QIKDDSrZYgEJ2pzKrrcH9JhKnmnnJ3lXDXCnZw4UN5tOHH2oyop
TaQbZrA1G6cc1Gms8vFOGDHed84NoxPHYYWlWySKyef4b19GaSrdZJTySH4IO5nt
o+ea+esJyUydPUVWfPp/pa5ercvAD7F4jZL6H5cGo+2dSn7+y8kFFxc1Wt1p696X
qtdYKCdqjXrLZ/9OY9rG7+2GZQ4nJR/ALabDQ9LubLuzikTjPN3U+nL94yN3ldXC
u5MWfjC8kEiSEXzTdL46ImM+lkAhZH1v7zjPcZlBtiFlLjrgCczgqeATEz6B5/HL
1heQxaXkeg==
-----END CERTIFICATE-----
subject=/OU=GT32045455/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.webfaction.com
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 3833 bytes and written 326 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: D919E2222F8541B4DF649702E05F8E82AF4C55A60296C64B1B0B64E674C9A62D
    Session-ID-ctx: 
    Master-Key: 19A37A4E8D0B25ECDA63748544B4C01B2DFF70B73553226936B3C944B6DA846C19DF08FCC674C0B5477E9B901B9FEE32
    Key-Arg   : None
    Start Time: 1491852772
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
+OK Dovecot ready.
^C

# IMAP + SSL
$ openssl s_client -connect mail.webfaction.com:993 -servername mail.webfaction.com 
CONNECTED(00000003)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/OU=GT32045455/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.webfaction.com
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIDB42NMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNTEwMTIxODI0MTNaFw0xNzEyMTMwODA4NDFaMIGUMRMw
EQYDVQQLEwpHVDMyMDQ1NDU1MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
bS9yZXNvdXJjZXMvY3BzIChjKTE1MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEZMBcGA1UEAwwQKi53ZWJmYWN0aW9uLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWsPQ58j8Z1Sj0rF6RH
uU0nO6ZptR43/Y0dJPEK94Xft+J2O/7S6lm7nr0GU5GZQWhcn8IYbhDABlYs06po
uXsklgsc4wQqFi+1DomY//dvfrZS31XuCHKSx+Z8/32y2IrOmKKLK1rpG61iXxyR
3jZv+CriU6/sCk89s0K0OIhTIXHAqQJPb1YfHJrgXXloxFt6GfNCQlaNe7ARIflA
39Oo1meElPGcyCdEmLEgpcgn/kEO1FTXDXNf/6aQ67uyXLd0vgZC2tSdPk4C6wTW
y3X+CqJXioAmRVkDEIdPf0vPxdlR8kfo+zKuZ1ISMc9LO1PINFt05IJNqOGDGg4h
oaUCAwEAAaOCAVgwggFUMB8GA1UdIwQYMBaAFMOc8/zTRgg0u85Gf6B8W/PiCMtZ
MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2d2LnN5bWNkLmNv
bTAmBggrBgEFBQcwAoYaaHR0cDovL2d2LnN5bWNiLmNvbS9ndi5jcnQwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjArBgNVHREE
JDAighAqLndlYmZhY3Rpb24uY29tgg53ZWJmYWN0aW9uLmNvbTArBgNVHR8EJDAi
MCCgHqAchhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNybDAMBgNVHRMBAf8EAjAA
MEEGA1UdIAQ6MDgwNgYGZ4EMAQIBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3
LnJhcGlkc3NsLmNvbS9sZWdhbDANBgkqhkiG9w0BAQsFAAOCAQEAlXfgTlmantFk
9y5NAzpdaPgj5QIKDDSrZYgEJ2pzKrrcH9JhKnmnnJ3lXDXCnZw4UN5tOHH2oyop
TaQbZrA1G6cc1Gms8vFOGDHed84NoxPHYYWlWySKyef4b19GaSrdZJTySH4IO5nt
o+ea+esJyUydPUVWfPp/pa5ercvAD7F4jZL6H5cGo+2dSn7+y8kFFxc1Wt1p696X
qtdYKCdqjXrLZ/9OY9rG7+2GZQ4nJR/ALabDQ9LubLuzikTjPN3U+nL94yN3ldXC
u5MWfjC8kEiSEXzTdL46ImM+lkAhZH1v7zjPcZlBtiFlLjrgCczgqeATEz6B5/HL
1heQxaXkeg==
-----END CERTIFICATE-----
subject=/OU=GT32045455/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.webfaction.com
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 3833 bytes and written 326 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: A37CD9C1A98CAEE04718A608D3632C7263AB49C36CB3758A26560ECBF457AE17
    Session-ID-ctx: 
    Master-Key: 04D2288A8F095727198E5B042A5763D73D0FC95EE81AC61EA18CAEB0CE899C845F8D3AFA9D83C4FAC9F830BCE4A11A31
    Key-Arg   : None
    Start Time: 1491852793
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
* OK Dovecot ready.
^C

# SMTP + SSL
$ openssl s_client -connect smtp.webfaction.com:465 -servername smtp.webfaction.com 
CONNECTED(00000003)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/OU=GT32045455/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.webfaction.com
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIDB42NMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMSAwHgYDVQQDExdSYXBpZFNTTCBTSEEy
NTYgQ0EgLSBHMzAeFw0xNTEwMTIxODI0MTNaFw0xNzEyMTMwODA4NDFaMIGUMRMw
EQYDVQQLEwpHVDMyMDQ1NDU1MTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNv
bS9yZXNvdXJjZXMvY3BzIChjKTE1MS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEZMBcGA1UEAwwQKi53ZWJmYWN0aW9uLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALWsPQ58j8Z1Sj0rF6RH
uU0nO6ZptR43/Y0dJPEK94Xft+J2O/7S6lm7nr0GU5GZQWhcn8IYbhDABlYs06po
uXsklgsc4wQqFi+1DomY//dvfrZS31XuCHKSx+Z8/32y2IrOmKKLK1rpG61iXxyR
3jZv+CriU6/sCk89s0K0OIhTIXHAqQJPb1YfHJrgXXloxFt6GfNCQlaNe7ARIflA
39Oo1meElPGcyCdEmLEgpcgn/kEO1FTXDXNf/6aQ67uyXLd0vgZC2tSdPk4C6wTW
y3X+CqJXioAmRVkDEIdPf0vPxdlR8kfo+zKuZ1ISMc9LO1PINFt05IJNqOGDGg4h
oaUCAwEAAaOCAVgwggFUMB8GA1UdIwQYMBaAFMOc8/zTRgg0u85Gf6B8W/PiCMtZ
MFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0cDovL2d2LnN5bWNkLmNv
bTAmBggrBgEFBQcwAoYaaHR0cDovL2d2LnN5bWNiLmNvbS9ndi5jcnQwDgYDVR0P
AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjArBgNVHREE
JDAighAqLndlYmZhY3Rpb24uY29tgg53ZWJmYWN0aW9uLmNvbTArBgNVHR8EJDAi
MCCgHqAchhpodHRwOi8vZ3Yuc3ltY2IuY29tL2d2LmNybDAMBgNVHRMBAf8EAjAA
MEEGA1UdIAQ6MDgwNgYGZ4EMAQIBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3
LnJhcGlkc3NsLmNvbS9sZWdhbDANBgkqhkiG9w0BAQsFAAOCAQEAlXfgTlmantFk
9y5NAzpdaPgj5QIKDDSrZYgEJ2pzKrrcH9JhKnmnnJ3lXDXCnZw4UN5tOHH2oyop
TaQbZrA1G6cc1Gms8vFOGDHed84NoxPHYYWlWySKyef4b19GaSrdZJTySH4IO5nt
o+ea+esJyUydPUVWfPp/pa5ercvAD7F4jZL6H5cGo+2dSn7+y8kFFxc1Wt1p696X
qtdYKCdqjXrLZ/9OY9rG7+2GZQ4nJR/ALabDQ9LubLuzikTjPN3U+nL94yN3ldXC
u5MWfjC8kEiSEXzTdL46ImM+lkAhZH1v7zjPcZlBtiFlLjrgCczgqeATEz6B5/HL
1heQxaXkeg==
-----END CERTIFICATE-----
subject=/OU=GT32045455/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.webfaction.com
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 3833 bytes and written 326 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: D6368199EFE5DA7563DEC8E27BBD52AF877149DE4539173B5CB51F30067F155A
    Session-ID-ctx: 
    Master-Key: 424555A28563B6270EF4FE00C160A3560CF4E25942D152624FCF41046C41D946564AAA91A6AFD6800A9F2DDA4D2F20CA
    Key-Arg   : None
    Start Time: 1491852839
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
220 smtp.webfaction.com ESMTP Postfix
permanent link

answered 10 Apr, 19:37

seanf's gravatar image

seanf ♦♦
11.5k21333
accept rate: 37%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×250
×3
×1

question asked: 07 Apr, 00:24

question was seen: 469 times

last updated: 10 Apr, 19:37

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2016 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM