Hi Timo, hi everyone,
I've finally figured out the final configuration for me:
Change the Ownership and file permissions for the SSL cert and key
Here is my directory structure with ownership and file permissions:
ls -lad /etc/dovecot/ssl/
drwxr-xr-x 1 root root 24 Feb 27 09:55 /etc/dovecot/ssl/
ls -l /etc/dovecot/ssl/
total 0 drwxr-xr-x 1 root root 204 Feb 27 09:55 certs drwxr-xr-x 1 root root 116 Feb 27 09:55 private
ls -l /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
-r--r--r-- 1 vmail vmail 11627 Feb 27 09:55 /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
ls -l /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
-r-------- 1 vmail vmail 1703 Feb 27 09:55 /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
Change the user for the dict service
---- %< ----
service dict { user = vmail # <-- This was IMPORTANT in my setup !!! unix_listener dict { user = vmail } }
---- %< ----
This allows me to establish an SSL-encrypted connection to MariaDB without receiving any error messages in the log.
The only things left are the two warning messages
---- %< ----
... dovecot[10936]: lmtp(11085): Warning: Leaked settings: ssl-settings.c:234 ... dovecot[10936]: lmtp(11085): Warning: Leaked settings: ssl-settings.c:231
---- %< ----
Thank you very much for your time and effort, and for your quick responses.
Greetings Klaus.
--