On Mon, 2025-10-06 at 12:23 -0400, Jason J.G. White via dovecot wrote:

I'm trying Dovecot 2.4.1 under Fedora 43 beta with all packages up to date. I've encountered several issues after attempting to update my configuration. The main problem is this: whenever a client attempts to connect, I get the following error

Error: Failed to initialize SSL connection: Couldn't initialize SSL server context: Can't load SSL certificate (ssl_server_cert_file setting): error:0A00018F:SSL routines::ee key too small:

There are some quirks in 2.4.1 where environment variables don't work for ssl cert specification (or in some other areas). 

May be different issue to yours, as this might have been a problem using doveconf to check config, or at server start. But it was quite some time back now, so not sure at this point. It has been working quite well here.

But, in case it's relevant, you may want to avoid env things: i.e.

dont use the $ENV.xxx to specify cert dir stuff - it doesn't work.

Fill in the path explicitly.

ssl_server { # broken: cert_file = $ENV:cert_dir/fullchain.pem # broken: key_file = $ENV:cert_dir/privkey.pem cert_file = /path/to/fullchain.pem key_file = /path/to/privkey.pem prefer_ciphers = client }

-- Gene