Letsencrypt/OpenSSL test - Verify return code: 21

Oscar del Rio delrio at mie.utoronto.ca
Mon Apr 12 21:38:52 EEST 2021


On 2021-04-10 12:09 p.m., Brady Shea wrote:
>
> I finally 'fixed' it myself by using the LE 'fullchain.pem' 
> certificate as the location for the 'ssl_cert' entry (and chain.pem 
> for the ca entry). Previously, it was using the normal cert.pem file 
> location. This is still the way it's setup on the other older machine 
> and still works fine. Changes-
>
> |ssl_ca = </etc/letsencrypt/live/{CertName}/chain.pem (or 
> 'fullchain.pem' should work) *ssl_cert = 
> </etc/letsencrypt/live/{CertName}/fullchain.pem* (was 'cert.pem' 
> previously) ssl_key = </etc/letsencrypt/live/{CertName}/privkey.pem|

/etc/letsencrypt/live/README:

`[cert name]/privkey.pem`  : the private key for your certificate.
`[cert name]/fullchain.pem`: the certificate file used in most server 
software.
`[cert name]/chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
`[cert name]/cert.pem`     : will break many server configurations, and 
should not be used
                  without reading further documentation



More information about the dovecot mailing list