On Wednesday, April 10, 2019 10:52 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote:> On 10.4.2019 12.36, Laura Smith via dovecot wrote: > > > Dovecot 2.3.3 (dcead646b) > > openSUSE Leap 15.0 > > I am getting a weird error message: > > Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied > > I have tried the following: > > > > - chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755) > > - create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl > > > > How can I fix this ? There's no obvious solution ? > > Are you by chance using selinux? If you are, you might need to relabel > the files. > > AkiThis is openSUSE, not Centos, I don't think it even comes with selinux.
> Am 10.04.2019 um 11:59 schrieb Laura Smith via dovecot <dovecot at dovecot.org>: > > > On Wednesday, April 10, 2019 10:52 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > >> On 10.4.2019 12.36, Laura Smith via dovecot wrote: >> >>> Dovecot 2.3.3 (dcead646b) >>> openSUSE Leap 15.0 >>> I am getting a weird error message: >>> Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied >>> I have tried the following: >>> >>> - chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755) >>> - create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl >>> >>> How can I fix this ? There's no obvious solution ? >> >> Are you by chance using selinux? If you are, you might need to relabel >> the files. >> >> Aki > > This is openSUSE, not Centos, I don't think it even comes with selinux.Maybe apparmor? https://git.ispconfig.org/ispconfig/ispconfig3/issues/5071 <https://git.ispconfig.org/ispconfig/ispconfig3/issues/5071> > OpenSuSE and apparmor expect dovecot certs to be in /etc/ssl/private > ISPConfig setup script expects SSL certs to be in /etc/postfix but apparmor prevents dovecot from reading them in that directory Otherwise you could login as dovecot user (temporarily change the shell to bash if needed; usermod -s /bin/bash) and see if you can access the certificate. Check all directory/file permissions, including acls (man getfacl), along the path. Best regards Gerald -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190410/54a51891/attachment.html>
On Wednesday, April 10, 2019 11:40 AM, Gerald Galster via dovecot <dovecot at dovecot.org> wrote:> > Am 10.04.2019 um 11:59 schrieb Laura Smith via dovecot <dovecot at dovecot.org>: > > > > On Wednesday, April 10, 2019 10:52 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > > > > > On 10.4.2019 12.36, Laura Smith via dovecot wrote: > > > > > > > Dovecot 2.3.3 (dcead646b) > > > > openSUSE Leap 15.0 > > > > I am getting a weird error message: > > > > Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied > > > > I have tried the following: > > > > > > > > - ??chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755) > > > > - ??create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl > > > > > > > > How can I fix this ? There's no obvious solution ? > > > > > > Are you by chance using selinux? If you are, you might need to relabel > > > the files. > > > > > > Aki > > > > This is openSUSE, not Centos, I don't think it even comes with selinux. > > Maybe apparmor? > > https://git.ispconfig.org/ispconfig/ispconfig3/issues/5071 > > ?> OpenSuSE and apparmor expect dovecot certs to be in /etc/ssl/private > ?> ISPConfig setup script expects SSL certs to be in /etc/postfix but apparmor prevents dovecot from reading them in that directory > > Otherwise you could login as dovecot user (temporarily change the shell to bash if needed; usermod -s /bin/bash) and see if you can access the certificate. > Check all directory/file permissions, including acls (man getfacl), along the path. > > Best regards > Gerald@Gerald?? Spot on with apparmor !