I ran into a ton of problems recently trying to configure SSL on my server’s Exim/Dovecot services.
To solve them, I relied on the excellent CheckTLS.com to give me detailed information about how my server’s security was failing. I probably wouldn’t have been able to troubleshoot my particular problems without this.
In my case, it turned out to be problems with the intermediate certificate. I tried a number of ways to fix this before stumbling upon an answer that I never would have guessed. I kept grabbing the intermediate certificate from my CA, but no matter what I tried it would not authenticate.
I was able to get it to work, however, by copying the content of the CA cert into the exim.cert file using:
$ echo '' >> /etc/exim.cert
$ cat /etc/exim.cacert >> /etc/exim.cert