Hi,
I'm using the Dovecot Prebuilt Binary: deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-2.2 main
I configured multiple SSL certificates with client TLS SNI (see http://wiki2.dovecot.org/SSL/DovecotConfiguration).
Since my last update I get some warnings:
doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 12: Global setting ssl_cert won't change the setting inside an earlier filter at /etc/dovecot/conf.d/10-ssl-langzeittest.de.conf line 4 doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 13: Global setting ssl_key won't change the setting inside an earlier filter at /etc/dovecot/conf.d/10-ssl-langzeittest.de.conf line 5 doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 12: Global setting ssl_cert won't change the setting inside an earlier filter at /etc/dovecot/conf.d/10-ssl-langzeittest.de.conf line 4 doveconf: Warning: /etc/dovecot/conf.d/10-ssl.conf line 13: Global setting ssl_key won't change the setting inside an earlier filter at /etc/dovecot/conf.d/10-ssl-langzeittest.de.conf line 5
The reason is this commit: doveconf: Log a warning if a global setting is updated after it was a… …lready set inside a filter https://github.com/dovecot/core/commit/87404eae4581d7ef834f490507503e59a5000...
My configuration is (shorted):
# dovecot -n # 2.2.devel (87404ea): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.devel (215349a) # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.10 [...] ssl_cert =
I understand, that the warning is correct. I configured ssl_cert and ssl_key both, globally (like a default) and in some local_name filters.
I tried already to move the global configuration of ssl_cert and ssl_key in an own local_name filter. It didn't work. No login possible:
dovecot: master: Dovecot v2.2.devel (87404ea) starting up for imap (core dumps disabled) dovecot: imap-login: Error: SSL: Stacked error: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY dovecot: imap-login: Fatal: Couldn't parse private ssl_key: Address family not supported by protocol
How is the correct configuration in this scenario?
Regards Oliver