Hello,
on a farm of multiple identical dovecot servers I start seeing this error on
usual POP3S access on one of many servers:
pop3-login: Error: Failed to initialize SSL server context: Can't load SSL
certificate (ssl_cert setting): The certificate is empty:
I'm running 2.3.14 compiled against openssl-1.1.1k on Debian Buster
Looks like it's this code:
https://github.com/dovecot/core/blob/a5209c83c3a82386c94d466eec5fea394973e88f/src/lib-ssl-iostream/iostream-openssl-common.c#L322
called from here:
https://github.com/dovecot/core/blob/a5209c83c3a82386c94d466eec5fea394973e88f/src/lib-ssl-iostream/iostream-openssl-context.c#L453
To me it /looks/ like a resource problem. The farm handle a million pop3
sessions per hour while only 50k (5%) are using TLS.
The farm is up and running since ~2 weeks. When started, the automatic
deployment *did* check that pop3s was working well.
Also today on all farmservers the certificate file is valid, contain expected
content.
the server is currently offline but not restarted to allow further
investigation.
the setup is quite normal
just checked over all Farmservers:
- doveconf | grep ssl | sha256sum
- sha256sum $( doveconf | grep 'ssl_cert = <' | awk -F\< '{
print $2 }' )
the output is identical.
Any idea is appreciated ...
Andreas