Dear dovecot mailing list, Maybe you'll have an idea. I upgraded from Debian bookworm to trixie this morning. Along with this upgrade, dovecot went to 2.4.1 . I adapted the configuration files. The server starts but the clients cannot retrieve emails. The error message in the logs is: dovecot: pop3-login: Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting): The certificate is empty
In iostream-openssl-context.c:ssl_iostream_context_set(), I adapted this error message to see whether a path could be found for this server cert file:
t_strdup_printf(
"Can't load SSL certificate (%s setting with path '%s'): %s",
ctx->client_ctx ? "ssl_client_cert_file" :
"ssl_server_cert_file",
set->cert.cert.path, openssl_iostream_use_certificate_error(set->cert.cert.content) The outcome was that the path is empty as well:dovecot: pop3-login: Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting with path ''): The certificate is empty
Then, I adapted ssl-settings.c:ssl_server_settings_check() to show the content of the server certificate file at that stage (with stdio):FILE *file_ptr;file_ptr=fopen("/tmp/output.txt","a");if(file_ptr!=NULL){fprintf(file_ptr,"server check %s\n",set->ssl_server_cert_file);fclose(file_ptr);}
The outcome was that the file is not empty at this stage: server check /etc/letsencrypt/live/<MY_SERVER>/fullchain.pem
-----BEGIN CERTIFICATE-----
<MY_CERT>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<MY_CERT> -----END CERTIFICATE----- Is there any potential reason for this disappearance between the calls? Thanks! Louis.
Dear dovecot mailing list, Maybe you'll have an idea. I upgraded from Debian bookworm to trixie this morning. Along with this upgrade, dovecot went to 2.4.1 . I adapted the configuration files. The server starts but the clients cannot retrieve emails. The error message in the logs is:
dovecot: pop3-login: Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting): The certificate is empty
In iostream-openssl-context.c:ssl_iostream_context_set(), I adapted this error message to see whether a path could be found for this server cert file:
t_strdup_printf(
"Can't load SSL certificate (%s setting with path'%s'): %s",
ctx->client_ctx ? "ssl_client_cert_file" :
"ssl_server_cert_file",
set->cert.cert.path,openssl_iostream_use_certificate_error(set->cert.cert.content) The outcome was that the path is empty as well: dovecot: pop3-login: Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting with path ''): The certificate is empty Then, I adapted ssl-settings.c:ssl_server_settings_check() to show the content of the server certificate file at that stage (with stdio): FILE *file_ptr;file_ptr=fopen("/tmp/output.txt","a");if(file_ptr!=NULL){fprintf(file_ptr,"server check %s\n",set->ssl_server_cert_file);fclose(file_ptr);} The outcome was that the file is not empty at this stage:
server check /etc/letsencrypt/live/<MY_SERVER>/fullchain.pem
-----BEGIN CERTIFICATE-----
<MY_CERT>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<MY_CERT>
-----END CERTIFICATE----- Is there any potential reason for this disappearance between the calls? Thanks! Louis.