/etc/ssl/certs/dovecot.pem erased by OpenSuse's update mechanism

Marcus Rückert darix at opensu.se
Wed May 27 14:14:00 UTC 2015


On Mon, 16 Feb 2015 10:09:16 +0100
"Wolfgang Gross" <WGross at uni-hd.de> wrote:

> Hi,
> 
> this is not a genuine Dovecot bug, more a nuisance.
> It applies to OpenSuse 13.2 but maybe also to other Linux's.
> 
> The standard installation of Dovecot (especially 10-ssl.conf) places
> the certificate dovecot.pem in /etc/ssl/certs.
> Sometimes during updates does OpenSuse renew all certificates
> in /etc/ssl/certs and erases dovecot.pem. This blocks further access
> to the mailbox.
> 
> I found a similar report here:
>   https://bbs.archlinux.de/viewtopic.php?id=27288
> 
> Workaround: Move dovecot.pem to another directory and change
> 10-ssl.conf accordingly.

This is *not* our update mechanism. This is update-ca-certificates,
which will wipe /etc/ssl/certs/ when it is called. This can happen to
you on any distro using it. My recommendation is to
use /etc/ssl/private/ for all service related files. Certs and keys.

HTH

    darix

-- 
          openSUSE - SUSE Linux is my linux
              openSUSE is good for you
                  www.opensuse.org


More information about the dovecot mailing list