Multidomain / IP Address Setup (Dovecot 2.2.10 on CentOS7) is failing: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM

Alexander Dalloz ad+lists at uni-x.org
Fri Aug 14 17:57:02 UTC 2015


On 14.08.2015 at 13:22, dravion.smith at gmx.net wrote:
> Hi,
> I want to say hello and here is my big problem ;D
>
> I am trying to achieve a Postfix/Dovecot 2.2.10 CentOS7 Multidomain Setup
> with multiple (valid
> StartSSL Certs), but I am only able to run a single Domain Cert server only.
>
> ps: I need a multiple domains setup for every customer and it is not an
> option for me redirecting any email
> to a single domain server. I really need this setup working.
>
> IMHO: I think SELinux could interfere with multiple Certs in different
> folders (it is activated in CentOS7 by
> default and is needed by other apps)

What have you done to exclude that SELinux interferes?

Run "ausearch -m avc" to check for AVCs.

> Ok, here is my logfile data:
>
> systemctl start postfix.service [OK]
> systemctl start dovecot.service [OK]
>
> /var/log/messages
> *systemd: Stopping Dovecot IMAP/POP3 email server...
> *systemd: Starting Dovecot IMAP/POP3 email server...
> *systemd: Started Dovecot IMAP/POP3 email server.
>
> /var/log/maillog
> *dovecot: master: Dovecot v2.2.10 starting up for imap, pop3, lmtp (core
> dumps disabled)
>
> ### This works (Thunderbird, Outlook 2013, Opera Mail etc.) ####
>
> local mydomain01.tld {
>
>    protocol imap {
>        ssl_cert = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.crt.pem
>        ssl_key = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.key.pem
>    }
>
> }

You are leaving the terrain of your distribution. That's not the 
intended path. /etc/pki/tls/{certs,private}/ is.

> ### this 10-ssl.conf ### --- FAILS (the error occurs after an email
> client accesses IMAP Folders)
> local mydomain01.tld {
>
>    protocol imap {
>        ssl_cert = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.crt.pem
>        ssl_key = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.key.pem
>    }
>
> }
>
> local mydomain02.tld {
>
>    protocol imap {
>        ssl_cert = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.crt.pem
>        ssl_key = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.key.pem
>    }
>
> }

See above.

Why 2 times the same certificate pair files?

Make sure the permissions (and not only of the files themselves) and the 
SELinux context are set properly. You gave zero information about that.

> /var/log/maillog ### Error log ###
> Aug 14 12:50:38 matrix dovecot: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line:
> Aug 14 12:50:38 matrix dovecot: master: Error: service(imap-login): command startup failed, throttling for 60 secs

The key file contains "-----BEGIN PRIVATE KEY-----" as first line and 
"-----END PRIVATE KEY-----" as last line?

> I really don't know why a single domain is no problem but if I enable
> multiple domains dovecots
> start with any error, even if I set debug verbose level to extreme high
> but if I access dovecot with
> Thunderbird my server logfile explodes with something like this Couldn't
> parse private ssl_key: error:0906D06C:PEM but the certs are 100% valid
> and checked over and over again.
>
> Any help is greatly appreciated!
>
> Greetings,
> Dravion

Alexander


