[Fetchmail-users] cert probelm

[Gene H. <ghe...@sh...>]

Greetings all;

locally built 6.4.14 client here on debian stretch.

Been running fine for months.

last night around 22:00 local mail stopped.

openssl-1.1.1l is now installed locally built, installed once with --prefix=/usr, and once as the default /usr/local.

~/.fetchmailrc active section:
poll	imap.shentel.net with proto imap
	user $USR with password $PW is gene
	fetchall
	ssl
	pass8bits
	nokeep

Restarting fetchmail gets:

fetchmail: Server certificate verification error: self signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that 
c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath 
and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: imap.shentel.net: SSL connection failed.
fetchmail: socket error while fetching from $US...@im...

I can go in with a browser using that same $USR and $PW and see it there ok
Please define the certificate directory. I do have that cert if the 
spaces are replaced by underscores. And c_rehash has been run, several 
times with the -v option, looks legit but me not an expert.
 
Where is the bad or missing cert, here, or at my ISP's dovecot server?

Thank you.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>