SSL issue with Letsencrypt certificate #1569

redispade · 2024-12-06T14:34:16Z

I have deployed smtp4dev in docker and provided it with a letsencrypt certificate on a mounted volume on the container. The certificate name matches the HostName in docker compose(redacted here). I use the certificate only for smtp, the http server itself is behind a reverse proxy and working fine in https.
Is there anything I'm doing wrong? The server runs fine without starttls.
Thank you in advance

Compose part where I load the certificate:

environment:
      - ServerOptions__HostName=smtp4dev.my.domain
      - ServerOptions__TlsMode=StartTls
      - ServerOptions__TlsCertificate=/certs/smtp4dev.my.domain/fullchain.pem
      - ServerOptions__TlsCertificatePrivateKey=/certs/smtp4dev.my.domain/privkey.pem

I get the following in the logs:

smtp4dev                     | TLS mode: StartTls
smtp4dev                     | The SMTP server failed to start: System.Security.Cryptography.CryptographicException: ASN1 corrupted data.
smtp4dev                     |  ---> System.Formats.Asn1.AsnContentException: The provided data is tagged with 'Universal' class value '4', but it should have been 'Universal' class value '16'.
smtp4dev                     |    at System.Formats.Asn1.AsnDecoder.CheckExpectedTag(Asn1Tag tag, Asn1Tag expectedTag, UniversalTagNumber tagNumber)
smtp4dev                     |    at System.Formats.Asn1.AsnDecoder.ReadSequence(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Int32& contentOffset, Int32& contentLength, Int32& bytesConsumed, Nullable`1 expectedTag)
smtp4dev                     |    at System.Formats.Asn1.AsnValueReader.ReadSequence(Nullable`1 expectedTag)
smtp4dev                     |    at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
smtp4dev                     |    at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
smtp4dev                     |    --- End of inner exception stack trace ---
smtp4dev                     |    at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
smtp4dev                     |    at System.Security.Cryptography.Asn1.PrivateKeyInfoAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PrivateKeyInfoAsn& decoded)
smtp4dev                     |    at System.Security.Cryptography.Asn1.PrivateKeyInfoAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PrivateKeyInfoAsn& decoded)
smtp4dev                     |    at System.Security.Cryptography.KeyFormatHelper.ReadPkcs8(String[] validOids, ReadOnlyMemory`1 source, Int32& bytesRead)
smtp4dev                     |    at System.Security.Cryptography.RSAKeyFormatHelper.CheckPkcs8(ReadOnlySpan`1 source)
smtp4dev                     |    at System.Security.Cryptography.RSAOpenSsl.ImportPkcs8PrivateKey(ReadOnlySpan`1 source, Int32& bytesRead)
smtp4dev                     |    at Rnwood.Smtp4dev.Server.CertificateHelper.LoadCertificateWithKey(String certificatePath, String certificateKeyPath, String password) in /home/vsts/work/1/s/Rnwood.Smtp4dev/Server/CertificateHelper.cs:line 18
smtp4dev                     |    at Rnwood.Smtp4dev.Server.CertificateHelper.GetTlsCertificate(ServerOptions options, ILogger logger) in /home/vsts/work/1/s/Rnwood.Smtp4dev/Server/CertificateHelper.cs:line 51
smtp4dev                     |    at Rnwood.Smtp4dev.Server.Smtp4devServer.CreateSmtpServer() in /home/vsts/work/1/s/Rnwood.Smtp4dev/Server/Smtp4devServer.cs:line 90
smtp4dev                     |    at Rnwood.Smtp4dev.Server.Smtp4devServer.TryStart() in /home/vsts/work/1/s/Rnwood.Smtp4dev/Server/Smtp4devServer.cs:line 569
smtp4dev                     | System.Security.Cryptography.CryptographicException: ASN1 corrupted data.
smtp4dev                     |  ---> System.Formats.Asn1.AsnContentException: The provided data is tagged with 'Universal' class value '4', but it should have been 'Universal' class value '16'.
smtp4dev                     |    at System.Formats.Asn1.AsnDecoder.CheckExpectedTag(Asn1Tag tag, Asn1Tag expectedTag, UniversalTagNumber tagNumber)
smtp4dev                     |    at System.Formats.Asn1.AsnDecoder.ReadSequence(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Int32& contentOffset, Int32& contentLength, Int32& bytesConsumed, Nullable`1 expectedTag)
smtp4dev                     |    at System.Formats.Asn1.AsnValueReader.ReadSequence(Nullable`1 expectedTag)
smtp4dev                     |    at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
smtp4dev                     |    at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
smtp4dev                     |    --- End of inner exception stack trace ---
smtp4dev                     |    at System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, AlgorithmIdentifierAsn& decoded)
smtp4dev                     |    at System.Security.Cryptography.Asn1.PrivateKeyInfoAsn.DecodeCore(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PrivateKeyInfoAsn& decoded)
smtp4dev                     |    at System.Security.Cryptography.Asn1.PrivateKeyInfoAsn.Decode(AsnValueReader& reader, Asn1Tag expectedTag, ReadOnlyMemory`1 rebind, PrivateKeyInfoAsn& decoded)
smtp4dev                     |    at System.Security.Cryptography.KeyFormatHelper.ReadPkcs8(String[] validOids, ReadOnlyMemory`1 source, Int32& bytesRead)
smtp4dev                     |    at System.Security.Cryptography.RSAKeyFormatHelper.CheckPkcs8(ReadOnlySpan`1 source)
smtp4dev                     |    at System.Security.Cryptography.RSAOpenSsl.ImportPkcs8PrivateKey(ReadOnlySpan`1 source, Int32& bytesRead)
smtp4dev                     |    at Rnwood.Smtp4dev.Server.CertificateHelper.LoadCertificateWithKey(String certificatePath, String certificateKeyPath, String password) in /home/vsts/work/1/s/Rnwood.Smtp4dev/Server/CertificateHelper.cs:line 18
smtp4dev                     |    at Rnwood.Smtp4dev.Server.CertificateHelper.GetTlsCertificate(ServerOptions options, ILogger logger) in /home/vsts/work/1/s/Rnwood.Smtp4dev/Server/CertificateHelper.cs:line 51
smtp4dev                     |    at Rnwood.Smtp4dev.Server.Smtp4devServer.CreateSmtpServer() in /home/vsts/work/1/s/Rnwood.Smtp4dev/Server/Smtp4devServer.cs:line 90
smtp4dev                     |    at Rnwood.Smtp4dev.Server.Smtp4devServer.TryStart() in /home/vsts/work/1/s/Rnwood.Smtp4dev/Server/Smtp4devServer.cs:line 569
smtp4dev                     | IMAP Server is listening on port 143 (::)
smtp4dev                     | Overriding HTTP_PORTS '80' and HTTPS_PORTS ''. Binding to values defined by URLS instead 'http://*:80'.
smtp4dev                     | Now listening on: http://[::]:80

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SSL issue with Letsencrypt certificate #1569

SSL issue with Letsencrypt certificate #1569

redispade commented Dec 6, 2024 •

edited

Loading

SSL issue with Letsencrypt certificate #1569

SSL issue with Letsencrypt certificate #1569

Comments

redispade commented Dec 6, 2024 • edited Loading

redispade commented Dec 6, 2024 •

edited

Loading