After upgrading to iRedMail EE version 1.3.0, I can no longer access IMAP through the Roundcube webmail interface
Pls. I need urgent help

May 22 21:39:08 xxxxxxxxxxxxxxxxxxx roundcube[1480]: <ccv3tghq> IMAP Error: Login failed for xxxxxxxxxxxxxxxxxxx  against 127.0.0.1 from xxxxxxxxxxxxxxxxxxx. Unable to negotiate TLS in /opt/www/round>
May 22 21:39:08 xxxxxxxxxxxxxxxxxxx dovecot[1384]: imap-login: Disconnected: Connection closed: SSL_accept() syscall failed: Invalid argument (no auth attempts in 0 secs): user=<>, rip=127.>
May 22 21:39:07 xxxxxxxxxxxxxxxxxxx dovecot[1384]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000076:SSL routines::no suitable signature algorithm (no auth at>
May 22 21:39:07 xxxxxxxxxxxxxxxxxxx dovecot[1384]: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A0000C1:SSL routines::no shared cipher (no auth attempts in 0 sec>

After upgraded the binary program (/usr/local/bin/iredmail), please login to EE web ui as global admin, then click "Upgrade" button to finish the upgrade. After that, SSL cert management will work as expected.

It's a mistake that Dovecot was configured to use /opt/iredmail/ssl/cert.pem instead of /opt/iredmail/ssl/combined.pem (full chain), and EE doesn't generate "cert.pem" with requested certificate. This is why this issue occurred.

SSL certificates:

What if we have our own certificates?  Can you add a relevant section there:

Two fields for the CRT/KEY entry followed by daemons restart.

Thanks.

Two [text boxes] to paste the CRT/KEY text, or two [select file to upload] boxes, so we can upload our  domain certificate to the server.

Let's Encrypt is not the only certificate provider!  User may have other paid source with validity of one or more years (no update every 2 months).  Or may have a central Let's Encrypt issuer account, managing many domains at once.