I’m running the latest version of Axigen, and use Let’s encrypt for TLS termination. This has worked without issue until a week or two ago. I started get “self signed” errors with both IMAP och SMTP connections. If I look in the folder on the server, the cert is updated and valid (witch is also confirmed in the WebAdmin).
The solution in another thread (couldn’t link to it) there was to add cert_auth.pem to CA file config for TLS settings. But I already have that one set. I tried renewing the certs just in case, and the logs seems ok.
2026-06-24 21:13:09 +0200 08 SRVLINWEB001 JOBLOG:70000002: LetsE: Certificate for DOMAIN is available at ``https://acme-v02.api.letsencrypt.org/acme/cert/05167e30fc990a10aa08e0295c0417cc99e9`` or /var/opt/axigen/letsencrypt/DOMAIN/cert.pem
2026-06-24 21:13:09 +0200 08 SRVLINWEB001 JOBLOG:70000002: LetsE: Intermediate certificate for /var/opt/axigen/letsencrypt/DOMAIN/cert.pem, downloaded from ``http://yr2.i.lencr.org/``, is available at /var/opt/axigen/letsencrypt/DOMAIN/cert_auth.pem
Both cert.pem and cert_auth.pem was updated (witch I could confirm on the file date stamp to).
Checking the cert chain with openssl gives me this:
CONNECTED(00000003)
depth=1 C=US, O=Let's Encrypt, CN=YR2
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN=DOMAIN
verify return:1
---
Certificate chain
0 s:CN=DOMAIN
i:C=US, O=Let's Encrypt, CN=YR2
a:PKEY: RSA, 4096 (bit); sigalg: sha256WithRSAEncryption
v:NotBefore: Jun 24 18:14:37 2026 GMT; NotAfter: Sep 22 18:14:36 2026 GMT
Something is clearly not working in the cain? As mentioned, this worked before. Think the issue appeared when the cert was renewed some week ago.