I'm using SSL for dovecot, and dovecot kindly warned me on startup that I
needed the ssl_dh parameter, which I specified:
# grep -P '^ssl_dh' /etc/dovecot/conf.d/10-ssl.conf
ssl_dh = </etc/dovecot/dh.pem
And I generated the file, as specified in the comment:
# openssl dhparam -out /etc/dovecot/dh.pem 4096
The file contains the appropriate headers:
# grep -P '^\-' /etc/dovecot/dh.pem
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
However, when I restart dovecot (`systemctl restart dovecot`) I get the
following error:
lmtp(8221): Error: SSL context initialization failed, disabling SSL:
Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no
start line: Expecting: DH PARAMETERS
This message repeats 5 times (presumably for each dovecot service?).
In /var/log/dovecot/imap.log, I see the same error.
I even gave permission to the `dh.pem` file for the *vmail* user and group, but
that didn't seem to change anything.
Any ideas?
Thanks.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: This is a digitally signed message part.
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20180219/96dc0973/attachment.sig>