/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism
Marcus Rückert
darix at opensu.se
Wed May 27 14:14:00 UTC 2015
On Mon, 16 Feb 2015 10:09:16 +0100
"Wolfgang Gross" <WGross at uni-hd.de> wrote:
> Hi,
>
> this is not a genuine Dovecot bug, more a nuisance.
> It applies to OpenSuse 13.2 but maybe also to other Linux's.
>
> The standard installation of Dovecot (especially 10-ssl.conf) places
> the certificate dovecot.pem in /etc/ssl/certs.
> Sometimes during updates does OpenSuse renew all certificates
> in /etc/ssl/certs and erases dovecot.pem. This blocks further access
> to the mailbox.
>
> I found a similar report here:
> https://bbs.archlinux.de/viewtopic.php?id=27288
>
> Workaround: Move dovecot.pem to another directory and change
> 10-ssl.conf accordingly.
This is *not* our update mechanism. This is update-ca-certificates,
which will wipe /etc/ssl/certs/ when it is called. This can happen to
you on any distro using it. My recommendation is to
use /etc/ssl/private/ for all service related files. Certs and keys.
HTH
darix
--
openSUSE - SUSE Linux is my linux
openSUSE is good for you
www.opensuse.org
More information about the dovecot
mailing list