I have a working dovecot/postfix/mysql server running and was trying to set up another one for replication purposes. If I copy my certificates from the working server, everything works fine. However, I purchased another updated certificate for the replication server, and I cannot get dovecot to start up. Keep getting: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 31: ssl_key: Can't open file /etc/pki/dovecot/private/mailserver.crt: Permission denied Different permissions on the mailserver.crt have no effect on the error. Maybe something I did in creating the file? I?m a little fuzzy when it comes to how you?re supposed to create the whole thing. Here are the steps I took: openssl genrsa -out mailserverkey.crt 2048 I then took the CSR, submitted it to Comodo, a certificate was generated and emailed back to me. I placed the certs in the appropriately referenced places on the server? And that is where I?m at. I?ve spent quite a bit of time comparing my working server?s configuration files to the new server and cannot find any differences in the SSL configuration, OTHER than the certs themselves. Is dovecot looking for something I didn?t do correctly in the creation maybe? Jeff J. Starion Technologies, LLC 816-331-0030
What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? Bill On 10/7/2017 7:30 PM, SH Development wrote:> I have a working dovecot/postfix/mysql server running and was trying to set up another one for replication purposes. If I copy my certificates from the working server, everything works fine. However, I purchased another updated certificate for the replication server, and I cannot get dovecot to start up. Keep getting: > > doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 31: ssl_key: Can't open file /etc/pki/dovecot/private/mailserver.crt: Permission denied > > Different permissions on the mailserver.crt have no effect on the error. > > Maybe something I did in creating the file? I?m a little fuzzy when it comes to how you?re supposed to create the whole thing. Here are the steps I took: > > openssl genrsa -out mailserverkey.crt 2048 > > I then took the CSR, submitted it to Comodo, a certificate was generated and emailed back to me. > > I placed the certs in the appropriately referenced places on the server? > > And that is where I?m at. I?ve spent quite a bit of time comparing my working server?s configuration files to the new server and cannot find any differences in the SSL configuration, OTHER than the certs themselves. Is dovecot looking for something I didn?t do correctly in the creation maybe? > > Jeff J. > Starion Technologies, LLC > 816-331-0030
-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt> On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: > > What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? > > Bill > > On 10/7/2017 7:30 PM, SH Development wrote: >> I have a working dovecot/postfix/mysql server running and was trying to set up another one for replication purposes. If I copy my certificates from the working server, everything works fine. However, I purchased another updated certificate for the replication server, and I cannot get dovecot to start up. Keep getting: >> >> doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 31: ssl_key: Can't open file /etc/pki/dovecot/private/mailserver.crt: Permission denied >> >> Different permissions on the mailserver.crt have no effect on the error. >> >> Maybe something I did in creating the file? I?m a little fuzzy when it comes to how you?re supposed to create the whole thing. Here are the steps I took: >> >> openssl genrsa -out mailserverkey.crt 2048 >> >> I then took the CSR, submitted it to Comodo, a certificate was generated and emailed back to me. >> >> I placed the certs in the appropriately referenced places on the server? >> >> And that is where I?m at. I?ve spent quite a bit of time comparing my working server?s configuration files to the new server and cannot find any differences in the SSL configuration, OTHER than the certs themselves. Is dovecot looking for something I didn?t do correctly in the creation maybe? >> >> Jeff J. >> Starion Technologies, LLC >> 816-331-0030