lists at lazygranch.com
2017-Jun-16 08:29 UTC
10-ssl ssl = no but dovecot still reads certs
I'm bringing up a new email server starting without TLS initially. In 10-ssl.conf I set ssl = no, but the default ssl_cert and ssl_key lines are not commented out. I got the obvious error message:
------------------------------
doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/certs/dovecot.pem: No such file or directory
/usr/local/etc/rc.d/dovecot: WARNING: failed to start dovecot
--------------------------

No big deal, but I don't remember this being an issue the last time I set up a server. You would think if ssl=no, the ssl_cert and ssl_key files would not be opened.
On 16 Jun 2017, at 10:29, lists at lazygranch.com wrote:

> I'm bringing up a new email server starting without TLS initially. In
> 10-ssl.conf I set ssl = no, but the default ssl_cert and ssl_key
> lines are not commented out. I got the obvious error message:
> ------------------------------
> doveconf: Fatal: Error in configuration
> file /usr/local/etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert:
> Can't
> open file /etc/ssl/certs/dovecot.pem: No such file or
> directory /usr/local/etc/rc.d/dovecot: WARNING: failed to start
> dovecot
> --------------------------
>
> No big deal, but I don't remember this being an issue the last time I
> set up a server. You would think if ssl=no, the ssl_cert and ssl_key
> files would not be opened.

My guess is you have set ssl_cert=</etc/ssl/certs/dovecot.pem and it fails to read the file. At that stage it has no idea that ssl=no makes that file irrelevant - only much later will Dovecot ignore the value of ssl_cert because ssl=no, but it never gets there because this initial stage of reading the config has already failed.

This is, as I recall it, the sensible explanation I got from one of the Dovecot developers.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
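
Added example, not part of the original thread and not Dovecot's own code: a pre-flight check for the behaviour described in the reply above, listing every `setting = <file` value whose file cannot be read, whether or not `ssl = no` is set. The function name, the simplified comment handling and the sample configuration are assumptions constructed for illustration.

```python
import os
import re

# Matches the "key = <path" form, where the value is read from a file
# while the configuration is being parsed.
FILE_VALUE = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*<\s*(\S+)\s*$')


def unreadable_file_settings(conf_text, readable=lambda p: os.access(p, os.R_OK)):
    """Return (line_no, setting, path) for every "<file" value that cannot be read.

    "ssl = no" is deliberately ignored: as the thread explains, the file is
    opened during parsing, before that setting is taken into account.
    """
    problems = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        line = line.split('#', 1)[0]  # drop comments (simplified: no quoted '#')
        match = FILE_VALUE.match(line)
        if match and not readable(match.group(2)):
            problems.append((line_no, match.group(1), match.group(2)))
    return problems


# Constructed sample resembling the poster's 10-ssl.conf (not the real file).
SAMPLE = """\
ssl = no
#ssl_ca = </etc/ssl/certs/ca.pem
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
"""

if __name__ == "__main__":
    for line_no, setting, path in unreadable_file_settings(SAMPLE):
        print(f"line {line_no}: {setting}: cannot read {path}")
```

Run against a real configuration file's text before restarting the service; any line it reports needs the file created or the setting commented out.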
Hi,

Can you please post your doveconf -n output.

Sami

> On 16 Jun 2017, at 11.29, lists at lazygranch.com wrote:
>
> I'm bringing up a new email server starting without TLS initially. In
> 10-ssl.conf I set ssl = no, but the default ssl_cert and ssl_key
> lines are not commented out. I got the obvious error message:
> ------------------------------
> doveconf: Fatal: Error in configuration
> file /usr/local/etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't
> open file /etc/ssl/certs/dovecot.pem: No such file or
> directory /usr/local/etc/rc.d/dovecot: WARNING: failed to start dovecot
> --------------------------
>
> No big deal, but I don't remember this being an issue the last time I
> set up a server. You would think if ssl=no, the ssl_cert and ssl_key
> files would not be opened.