Upgrade to 2.3.1 has failed
C. Andrews Lavarre
alavarre at gmail.com
Sat Dec 15 18:16:36 EET 2018
Alexander good afternoon. Thank you. I have spent the day learning
about AppArmor:
• I've reviewed your link, found /etc/apparmor.d/ and its local/ directory.
• I ran aa-logprof and it found the change in stat to old-stat
that is discussed in the upgrade documentation. So I Allow (A) that.
There are no other reports.
• I followed the discussion on using yast to manage the
profiles. I'm on ssh to the server so do not have the GUI yast, only
the ncurses version and it does not contain editing, only adding,
profiles.
I tried creating a profile for imap-login with that method and
scanned for any issues, there were none reported, but still cannot log
in.
• I followed the local/README to explicitly add
/etc/certbot/live/privustech.com/* r,
to /etc/apparmor.d/local/usr.lib.dovecot.imap-login but still
cannot login with either the mail client or with explicit openssl: it
complains
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:794:
I check yast2 sw_single for the dovecot installation. Indeed
the module dovecot23-xxx where xxx is anything that looks like "clnt" (
client?) does not exist. Is there a missing module in my installation?
It lists only
dovecot
dovecot23
dovecot23-backend-mysql
dovecot23-backend-pgsql
dovecot23-backend-sqlite
dovecot23-fts
dovecot23-fts-squat
I'll pursue this further.
Thank you again.
Kind regards, Andy
On Fri, 2018-12-14 at 23:44 +0100, Alexander Dalloz wrote:
> Am 14.12.2018 um 19:58 schrieb C. Andrews Lavarre:
> >
> > Thanks for the input. I've checked out your suggestions (details
> > below)
> > but unfortunately no joy.
> > I also restored my backup 10-ssl.conf. It indeed has the "<" sign
> > with
> > a space before the explicit paths to the files:
> > ssl_cert = </etc/certbot/live/privustech.com/fullchain.pem
> > ssl_key = </etc/certbot/live/privustech.com/privkey.pem
> Hi,
>
> the syntax you see in the documentation is mandatory. Your issue is
> really a permissions problem.
>
> Check your AppArmor setup. The path you use for storing the chained
> certificate and the private key is certainly not known to AppArmor.
> See
> your /var/log/audit/audit.log for indications.
>
> https://doc.opensuse.org/documentation/leap/security/html/book.securi
> ty/cha.apparmor.managing.html
>
> may help.
>
> Btw. permissions setting to 0777, especially for the cert and key,
> is
> awful, even for debugging issues.
>
> Alexander
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181215/024dc444/attachment-0001.html>
More information about the dovecot
mailing list