Problem:
We had Dovecot v2.2 working just fine under openSUSE Leap 42.3. But we upgraded openSUSE to Leap 15.0.
In the process, Dovecot got upgraded from 2.2 to 2.3.1. It no longer works and I haven't figured out how to downgrade to the older working version.
The key issue seems to be the change to requiring dh.pem and changing ssl_protocols to ssl_min_protocols. I think I've navigated both correctly, but it still doesn't work.
The error is
auth: Error: stats: open(old-stats-user) failed: Permission denied
as a consequence of which we get
imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: There is no valid PEM certificate.
We have followed the instructions at
https://wiki.dovecot.org/SSL/DovecotConfiguration 1. We have created /etc/dovecot/dh.pem
(yes it took five hours)
2. We have edited
10-ssl.conf as directed by the Wiki:
ssl = yes
ssl_cert = /etc/certbot/live/privustech.com/fullchain.pem
ssl_key = /etc/certbot/live/privustech.com/privkey.pem
ssl_dh = /etc/dovecot/dh.pem #(yes, it took five hours to create...)
ssl_min_protocol = TLSv1
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = no
3. We have checked 10-ssl.conf against the 2.3 default at
4. We do NOT include the less than (
<) symbol before the paths because then dovecot fails to load complaining it cannot find the files.
5. we have checked all the pem keys, certificates, and dh files with cat
, they all exist and are in the expected hash format.
6. We have followed the instructions to set their permissions root:root 0444
and 0400
accordingly.
7. We have rebooted the host.
Any help or clues would be most appreciated.
Kind regards, Andy