<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><br class=""><div><br class=""><blockquote type="cite" class=""><div class="">Am 10.04.2019 um 11:59 schrieb Laura Smith via dovecot <<a href="mailto:dovecot@dovecot.org" class="">dovecot@dovecot.org</a>>:</div><br class="Apple-interchange-newline"><div class=""><div class=""><br class="">On Wednesday, April 10, 2019 10:52 AM, Aki Tuomi via dovecot <<a href="mailto:dovecot@dovecot.org" class="">dovecot@dovecot.org</a>> wrote:<br class=""><br class=""><blockquote type="cite" class="">On 10.4.2019 12.36, Laura Smith via dovecot wrote:<br class=""><br class=""><blockquote type="cite" class="">Dovecot 2.3.3 (dcead646b)<br class="">openSUSE Leap 15.0<br class="">I am getting a weird error message:<br class="">Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied<br class="">I have tried the following:<br class=""><br class="">- chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755)<br class="">- create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl<br class=""><br class="">How can I fix this ? There's no obvious solution ?<br class=""></blockquote><br class="">Are you by chance using selinux? If you are, you might need to relabel<br class="">the files.<br class=""><br class="">Aki<br class=""></blockquote><br class="">This is openSUSE, not Centos, I don't think it even comes with selinux.<br class=""></div></div></blockquote></div><br class=""><div class="">Maybe apparmor?</div><div class=""><br class=""></div><div class=""><a href="https://git.ispconfig.org/ispconfig/ispconfig3/issues/5071" class="">https://git.ispconfig.org/ispconfig/ispconfig3/issues/5071</a></div><div class=""><br class=""></div><div class=""> > OpenSuSE and apparmor expect dovecot certs to be in /etc/ssl/private</div><div class=""> > ISPConfig setup script expects SSL certs to be in /etc/postfix but apparmor prevents dovecot from reading them in that directory</div><div class=""><br class=""></div><div class="">Otherwise you could login as dovecot user (temporarily change the shell to bash if needed; usermod -s /bin/bash) and see if you can access the certificate.</div><div class="">Check all directory/file permissions, including acls (man getfacl), along the path.</div><div class=""><br class=""></div><div class="">Best regards</div><div class="">Gerald</div></body></html>