"TLS certificate verification failed" when trying to set up msmtp after updating to Nabia
Hello,
I am trying to set up msmtp with Neomutt but certificate verification failed.
user@laptop:~$ msmtp -S
msmtp: TLS certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown
I understand that the issue is not related to msmtp or Trisquel.
Like suggested here by Magic Banana and here by jxself, I substituted every "https" in /etc/apt/sources.list for "http" and then try to upgrade by running:
$ sudo sed -i s/https/http/ /etc/apt/sources.list
$ sudo apt update
$ sudo apt upgrade
$ sudo do-release-upgrade
And then reversed the substitution of every "http" for "https" in /etc/apt/sources.list
Now "$ lsb_release -a" prints out:
No LSB modules are available.
Distributor ID: Trisquel
Description: Trisquel GNU/Linux Nabia (10.0)
Release: 10.0
Codename: nabia
"$ apt list -a ca-certificates" prints out:
Listing... Done
ca-certificates/nabia,nabia,nabia-security,nabia-security,now 20210119~20.04.2+10.0trisquel1 all [installed]
ca-certificates/nabia-security,nabia-security 20201027ubuntu0.20.04.1+10.0trisquel1 all
ca-certificates/nabia-updates,nabia-updates 20201027ubuntu0.20.04.1 all
but I still get a certificate failure when I try to set up msmtp.
What can I try to fix this issue?
Let me know if you need additional information from my end.
Thank you.
Your issue does not deal with the certificate of Trisquel's server but with that of the SMTP server. You need to read https://marlam.de/msmtp/documentation/ to understand how to make msmtp trust the certificate of your SMTP server.
Thank you Magic Banana.
I substituted tls_trust_file for tls_fingerprint as suggested on p.24:
# As an alternative to tls_trust_file, you can use tls_fingerprint
# to pin a single certificate. You have to update the fingerprint when the
# server certificate changes, but an attacker cannot trick you into accepting
# a fraudulent certificate. Get the fingerprint with
# $ msmtp --serverinfo --tls --tls-certcheck=off --host=smtp.freemail.example
#tls_fingerprint 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
By the way, while I am here, I would like to say "thank you". I have started using Trisquel a few months ago, and the discussions and answers on this forum have been very helpful in helping me transition from MacOS to Trisquel GNU/Linux and find my around the system.