10-ssl ssl = no but dovecot still reads certs
Peter van Dijk
peter.van.dijk at powerdns.com
Sat Jul 22 04:04:43 EEST 2017
On 16 Jun 2017, at 10:29, lists at lazygranch.com wrote:
> I'm bringing up a new email server starting without TLS initially. In
> 10-ssl.conf I set ssl = no, but the default ssl_cert and ssl_key
> lines are not commented out. I got the obvious error message:
> ------------------------------
> doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/certs/dovecot.pem: No such file or directory
> /usr/local/etc/rc.d/dovecot: WARNING: failed to start dovecot
> --------------------------
>
> No big deal, but I don't remember this being an issue the last time I
> set up a server. You would think if ssl=no, the ssl_cert and ssl_key
> files would not be opened.
My guess is you have set ssl_cert=</etc/ssl/certs/dovecot.pem and it
fails to read the file. At that stage it has no idea that ssl=no makes
that file irrelevant - only much later will Dovecot ignore the value of
ssl_cert because ssl=no, but it never gets there because this initial
stage of reading the config has already failed. This is, as I recall it,
the sensible explanation I got from one of the Dovecot developers.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
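The parse-stage behaviour described in the reply can be checked before a restart. The following is an added example, not part of the original thread and not Dovecot code: the `preflight` function is a hypothetical helper, the sample config is constructed, and the parsing is simplified (no `!include` handling, whole-line comments only).

```python
import os
import re

# Matches "key = <path": in Dovecot config a value starting with "<" means
# "use the contents of this file", so the file is opened while parsing.
FILE_VALUE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*<\s*(\S+)\s*$")
SSL_VALUE = re.compile(r"^\s*ssl\s*=\s*(\S+)\s*$")


def preflight(conf_text, exists=os.path.exists):
    """Return (ssl_value, problems) for one config file's text.

    problems lists (line_number, key, path) for every "<file" value whose
    file is missing. The ssl setting is reported but deliberately not used
    to filter: per the explanation above, the read fails before ssl = no
    can make the value irrelevant.
    """
    ssl_value = None
    problems = []
    for number, line in enumerate(conf_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are never read
        m = SSL_VALUE.match(line)
        if m:
            ssl_value = m.group(1)
        m = FILE_VALUE.match(line)
        if m and not exists(m.group(2)):
            problems.append((number, m.group(1), m.group(2)))
    return ssl_value, problems


# Constructed sample resembling the 10-ssl.conf described in the thread.
SAMPLE = """\
# SSL/TLS support: yes, no, required.
ssl = no
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
#ssl_ca = </etc/ssl/certs/ca.pem
"""

if __name__ == "__main__":
    ssl_value, problems = preflight(SAMPLE)
    for number, key, path in problems:
        print(f"line {number}: {key} reads {path}, which is missing "
              f"(ssl = {ssl_value} does not prevent the read)")
```

Commenting out the `ssl_cert` and `ssl_key` lines, as with the `ssl_ca` line in the sample, removes them from the report.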