I'm using SSL for dovecot, and dovecot kindly warned me on startup that I needed the ssl_dh parameter, which I specified:

# grep -P '^ssl_dh' /etc/dovecot/conf.d/10-ssl.conf 
ssl_dh = </etc/dovecot/dh.pem

And I generated the file, as specified in the comment:

# openssl dhparam -out /etc/dovecot/dh.pem 4096

The file contains the appropriate headers:

# grep -P '^\-' /etc/dovecot/dh.pem
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----

However, when I restart dovecot (systemctl restart dovecot) I get the following error:

lmtp(8221): Error: SSL context initialization failed, disabling SSL: 

Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS

This message repeats 5 times (presumably for each dovecot service?).

In /var/log/dovecot/imap.log, I see the same error.

I even gave permission to the dh.pem file for the *vmail* user and group, but that didn't seem to change anything.

Any ideas?

Thanks.