Hi, I'm George and I think I've been running dovecot for like more than a decade now without any troubles, so: WOW!

Nevertheless, after an upgrade from FreeBSD 13.2 to 13.3 plus "pkg upgrade" my dovecot installation refuses to load the ssl certificates. I've tried a version built from source as well as the package.

The Problem seems to be something with loading of DSO's:

Jul 31 16:42:11 murl dovecot[10801]: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate (ssl_cert setting): error:25066067:DSO support routines:dlfcn_load:could not load the shared library: filename(libproviders.so): Shared object "libproviders.so" not found, required by "imap-login", error:25070067:DSO support routines:DSO_load:could not load the shared library, error:0E07506E:configuration file routines:module_load_dso:error loading dso: module=providers, path=providers, error:0E076071:configuration file routines:mo

I have never seen 'libproviders' and there's not a lot on it on the internet as well.

Here comes my (dead-simple) 'dovecot -n':

# 2.3.21 (47349e2482): /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 13.3-RELEASE-p4 amd64 # Hostname: murl.graf.priv.at auth_mechanisms = plain login disable_plaintext_auth = no mail_location = maildir:~/Maildir:LAYOUT=fs:INBOX=~/Maildir passdb { driver = pam } protocols = imap ssl_cert = </root/.acme.sh/graf.priv.at/fullchain.cer ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { args = blocking=yes driver = passwd } verbose_ssl = yes protocol imap { imap_client_workarounds = delay-newmail tb-extra-mailbox-sep }

My openssl s_client shows that the server hangs up (while producing the above log entry):

# openssl s_client -servername graf.priv.at -connect graf.priv.at:imaps CONNECTED(00000003) write:errno=0

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 314 bytes Verification: OK

New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok)

=========================================================================================================

Just to mention: plaintext IMAP is still working:

# telnet graf.priv.at imap Trying 78.41.116.33... Connected to graf.priv.at. Escape character is '^]'.

• OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. u login georg <mysupersecretpassword> u OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAM ESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITE RAL+ NOTIFY] Logged in r select INBOX
• FLAGS (\Answered \Flagged \Deleted \Seen \Draft $Forwarded $MDNSent $label5 $label3)
• OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft $Forwarded $MDNSent $label5 $label3 \*)] Flags permitted.
• 359 EXISTS
• 0 RECENT
• OK [UNSEEN 2] First unseen.
• OK [UIDVALIDITY 1509040425] UIDs valid
• OK [UIDNEXT 11767] Predicted next UID
• OK [HIGHESTMODSEQ 19640] Highest r OK [READ-WRITE] Select completed (0.006 + 0.000 + 0.005 secs). s logout

• BYE Logging out s OK Logout completed (0.001 + 0.000 secs). Connection closed by foreign host.

Any helping hint is highly appreciated!

Thank you very much,

George