10-ssl.conf: Unknown setting: ssl / debian 1:2.2.13-12~deb8u
Hi,
I've been trying to get dovecot2 running and kept having this error message:
May 13 13:38:32 mail systemd[1]: Started Dovecot IMAP/POP3 email server. May 13 13:38:32 mail dovecot[2178]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 61: Unknown setting: ssl
dovecot --build-options
Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail SQL driver plugins: mysql postgresql sqlite Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql
openssl version
OpenSSL 1.0.1t 3 May 2016
This package is from from Debian repos with version number 1:2.2.13-12~deb8u amd64
In case I had inadvertently entered some invisible charaters in 10-ssl.conf, I deleted and typed this out. Not copy-pasted:
>10-ssl.conf
cat 10-ssl.conf
echo 'ssl = required' >10-ssl.conf
echo 'ssl_key = </etc/ssl/private/xxx.key' >>10-ssl.conf
echo 'ssl_cert = </etc/ssl/private/xxx.pem' >>10-ssl.conf
I’ve done usual searching online for a week and read some dox, but cannot see what I’ve missed out. Any ideas? Please?
Thanks, Sophie
Hi Sophie
did you try the following steps?
- rename /etc/dovecot/conf.d/10-ssl.conf to /etc/dovecot/conf.d/10-ssl.conf.bak
- copy /usr/share/dovecot/conf.d/10-ssl.conf to /etc/dovecot/conf.d/
- restart dovecot
what happens? start dovecot normally?
if so
make a new cert with /usr/share/dovecot/mkcert.sh
and do changes in /etc/dovecot/conf.d/10-ssl.conf
ssl = yes ssl_cert = </etc/dovecot/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.pem
then restart dovecot. What happens now?
Best regards Stefan
Am 18.05.2017 um 22:01 schrieb Sophie Loewenthal:
Hi Stefan,
My apologies for the long delay. Been ill.
I tried this and had an error,
mv /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.bak
cp -p /usr/share/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/
/etc/init.d/dovecot restart
/var/log/daemon.log Jun 4 11:05:55 mail systemd[1]: Starting Dovecot IMAP/POP3 email server... Jun 4 11:05:55 mail systemd[1]: Started Dovecot IMAP/POP3 email server. Jun 4 11:05:55 mail dovecot[969]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 6: Unknown setting: ssl Jun 4 11:05:55 mail dovecot[969]: doveconf: Error: managesieve-login: dump-capability process returned 89 Jun 4 11:05:55 mail dovecot[969]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 6: Unknown setting: ssl Jun 4 11:05:55 mail systemd[1]: dovecot.service: main process exited, code=exited, status=89/n/a Jun 4 11:05:55 mail systemd[1]: Unit dovecot.service entered failed state.
Hi Aki,
dovecot --build-options
Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail SQL driver plugins: mysql postgresql sqlite Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql
--
On June 5, 2017 8:59:08 AM CEST, Aki Tuomi <aki.tuomi@dovecot.fi> wrote:
doveconf -a
2.2.13: /etc/dovecot/dovecot.conf
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 6: Unknown setting: ssl doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-master.conf line 35: Invalid size: $default_vsz_limit
grep default_vsz_limit /etc/dovecot/conf.d/10-master.conf
default_vsz_limit = 128M vsz_limit = $default_vsz_limit
vsz_limit = $default_vsz_limit
Aki,
is it possible to have doveconf print the current section upon error? Like, change the following error message
May 13 13:38:32 mail dovecot[2178]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 61: Unknown setting: ssl
to something like
May 13 13:38:32 mail dovecot[2178]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 61: Unknown setting: ssl (in config section "imap-login")
That would have made it a bit easier to spot the misconfiguration.
Best, Matthias
On 06/05/2017 09:51 AM, Aki Tuomi wrote:
https://github.com/dovecot/core/commit/e3d797bc851dc90fb88e68ae715c204d0f46e...
Aki
On 05.06.2017 12:42, Matthias Sitte wrote:
Hi,
in line 17 of your 10-master.conf you enable the "imap-login" service, but you fail to close the config section in line 36 ... :-)
That results in loading 10-ssl.conf and trying to apply the "ssl" option to "imap-login" which of course doesn't apply here.
Best,
Matthias
On 06/05/2017 09:43 AM, Sophie Loewenthal wrote:
Hi,
Changed to this et voila!
Thank you all.
service imap-login {
inet_listener imap {
#port = 143
}
inet_listener imaps { port = 993
ssl = yes
}
Number of connections to handle before starting a new process. Typically
the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
is faster. <doc/wiki/LoginProcess.txt>
service_count = 1
Number of processes to always keep waiting for more connections.
process_min_avail = 1
If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit }
participants (4)
-
Aki Tuomi
-
Matthias Sitte
-
S. Kremer
-
Sophie Loewenthal