On 23/08/25, Louis Villedieu via dovecot (dovecot@dovecot.org) wrote:
Dear dovecot mailing list,
Maybe you'll have an idea.
I upgraded from Debian bookworm to trixie this morning. Along with this upgrade, dovecot went to 2.4.1 . I adapted the configuration files. The server starts but the clients cannot retrieve emails. The error message in the logs is:
dovecot: pop3-login: Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting): The certificate is empty
It would be helpful if you could share the ssl-related parts of your configuration files, anonymised as necessary.
Perhaps it is as simple as a path error?
Typically, the top-level ssl settings (as I understand it) should be
ssl = yes
ssl_server_cert_file = path_to_fullchain.pem
ssl_server_key_file = path_to_private_key.pemI think you can also configure this as follows:
# example ssl config
ssl = yes
ssl_server {
cert_file = /etc/dovecot/certs/server.crt
key_file = /etc/dovecot/certs/server.key
}You can also have per host keys using the following configuration stanza:
# https://doc.dovecot.org/2.4.1/core/config/ssl.html#with-client-tls-sni-server-name-indication-support
local_name example.net {
ssl_server_cert_file = /etc/dovecot/certs/example.crt
ssl_server_key_file = /etc/dovecot/certs/example.key
}