Dear dovecot mailing list,
Maybe you'll have an idea.
I upgraded from Debian bookworm to trixie this morning.
Along with this upgrade, dovecot went to 2.4.1 .
I adapted the configuration files.
The server starts but the clients cannot retrieve emails.
The error message in the logs is:
dovecot: pop3-login: Error: Failed to initialize SSL connection: Couldn't
initialize SSL server context: Can't load SSL certificate
(ssl_server_cert_file setting): The certificate is empty
In iostream-openssl-context.c:ssl_iostream_context_set(), I adapted this
error message to see whether a path could be found for this server cert
file:
t_strdup_printf(
"Can't load SSL certificate (%s setting with path
'%s'): %s",
ctx->client_ctx ? "ssl_client_cert_file" :
"ssl_server_cert_file",
set->cert.cert.path,
openssl_iostream_use_certificate_error(set->cert.cert.content)
The outcome was that the path is empty as well:
dovecot: pop3-login: Error: Failed to initialize SSL connection: Couldn't
initialize SSL server context: Can't load SSL certificate
(ssl_server_cert_file setting with path ''): The certificate is empty
Then, I adapted ssl-settings.c:ssl_server_settings_check() to show the
content of the server certificate file at that stage (with stdio):
FILE
*file_ptr;file_ptr=fopen("/tmp/output.txt","a");if(file_ptr!=NULL){fprintf(file_ptr,"server
check %s\n",set->ssl_server_cert_file);fclose(file_ptr);}
The outcome was that the file is not empty at this stage:
server check /etc/letsencrypt/live/<MY_SERVER>/fullchain.pem
-----BEGIN CERTIFICATE-----
<MY_CERT>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<MY_CERT>
-----END CERTIFICATE-----
Is there any potential reason for this disappearance between the calls?
Thanks!
Louis.
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
