On 23. Aug 2025, at 23.43, Louis Villedieu via dovecot <dovecot@dovecot.org> wrote:
Dear dovecot mailing list, Maybe you'll have an idea. I upgraded from Debian bookworm to trixie this morning. Along with this upgrade, dovecot went to 2.4.1 . I adapted the configuration files. The server starts but the clients cannot retrieve emails. The error message in the logs is:
dovecot: pop3-login: Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting): The certificate is empty
It's at least not a common problem, since many people are successfully running it. So a bit difficult to say. doveconf -n output might be helpful. You can also debug it further with:
In iostream-openssl-context.c:ssl_iostream_context_set(), I adapted this error message to see whether a path could be found for this server cert file:
t_strdup_printf(
"Can't load SSL certificate (%s setting with path'%s'): %s",
ctx->client_ctx ? "ssl_client_cert_file" : "ssl_server_cert_file", set->cert.cert.path,openssl_iostream_use_certificate_error(set->cert.cert.content)
You can attach gdb here to this place. Add code:
raise(SIGSTOP);
And early into file #include <signal.h>
Now when this error is reached, the process is stopped and you can: gdb -p <pid of stopped imap-login process>
There you can inspect the settings where it goes wrong. Especially it seems in io_stream_autocreate_ssl_server() "ssl_server_set" contains the correct path but "set" doesn't?