I'm using SSL for dovecot, and dovecot kindly warned me on startup that I needed the ssl_dh parameter, which I specified: # grep -P '^ssl_dh' /etc/dovecot/conf.d/10-ssl.conf ssl_dh = </etc/dovecot/dh.pem And I generated the file, as specified in the comment: # openssl dhparam -out /etc/dovecot/dh.pem 4096 The file contains the appropriate headers: # grep -P '^\-' /etc/dovecot/dh.pem -----BEGIN DH PARAMETERS----- -----END DH PARAMETERS----- However, when I restart dovecot (`systemctl restart dovecot`) I get the following error: lmtp(8221): Error: SSL context initialization failed, disabling SSL: Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS This message repeats 5 times (presumably for each dovecot service?). In /var/log/dovecot/imap.log, I see the same error. I even gave permission to the `dh.pem` file for the *vmail* user and group, but that didn't seem to change anything. Any ideas? Thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 630 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20180219/96dc0973/attachment.sig>
On 2018-02-19 (14:08 MST), jordan.h at startmail.com wrote:> > I'm using SSL for dovecot, and dovecot kindly warned me on startup that I > needed the ssl_dh parameter, which I specified:doveconf -n -- They say whisky'll kill you, but I don't think it will I'm ridin' with you to the top of the hill
Here's the configuration: https://pastebin.com/ufyQkaBX On Monday, February 19, 2018 7:15:31 PM PST @lbutlr wrote:> On 2018-02-19 (14:08 MST), jordan.h at startmail.com wrote: > > I'm using SSL for dovecot, and dovecot kindly warned me on startup that I > > > needed the ssl_dh parameter, which I specified: > doveconf -n-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 630 bytes Desc: This is a digitally signed message part. URL: <https://dovecot.org/pipermail/dovecot/attachments/20180222/99b067e4/attachment.sig>
Maybe Matching Threads
- lmtp: Couldn't parse DH parameters
- lmtp: Couldn't parse DH parameters
- New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
- New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"
- New install - getting error: "Failed to initialize SSL server context: Couldn't parse DH parameters"