Dovecot stops responding when I update SSL certificate
Dovecot 2.2.18 CentOS 6.7 (x86_64) Plesk 12.5.30
I have had Dovecot working fine with SSL for nearly two years now. It's time to renew the SSL certificate, so I did (same CA). The new certificate works fine in Apache and Postfix. But when I update Dovecot to use the same certificate, and restart the server, Dovecot stops responding to connects. I have triple-checked that the ssl_cert and ssl_key files are correct - all I did was change the names in the conf file. There's nothing in the log. I have tried various SSL tests but either they don't work (unspecific error) or they tell me nothing is wrong (and show the correct certificate.) I am running out of time to find a solution to this - what else can I look for?
The one difference for the certificates is that I opted for one with a SHA256 root rather than SHA1 root. I have separately used a tool to verify that the certificate and private key match.
Here is the end of the dovecot -n file that mentions SSL:
ssl = required
ssl_cert = </etc/pki/tls/certs/hotslots-cert.pem
ssl_cipher_list = EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EDH+AESGCM+AES128:EDH+AESGCM+AES256:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EDH+SHA256+AES128:EDH+SHA256+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EDH+SHA1+AES128:EDH+SHA1+AES256:EECDH+HIGH:EDH+HIGH:AESGCM+AES128:AESGCM+AES256:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!KRB5:!aECDH:!EDH+3DES
ssl_dh_parameters_length = 2048
ssl_key = </etc/ssl/private/hotslots-private.pem
ssl_protocols = TLSv1.1 TLSv1.2 !TLSv1
userdb {
  args = uid=popuser gid=popuser
  driver = static
}
protocol imap {
  mail_plugins = " quota imap_quota"
}
protocol pop3 {
  pop3_uidl_format = UID%u-%v
}
protocol lda {
  mail_plugins = " quota sieve"
}
(The !TLSv1 doesn't seem to be honored - I tried it with and without that. A problem for later.)
Thanks for any help.
Steve L