With a recent update, I started seeing this:

doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 14: ssl_cert: Can't open file /etc/letsencrypt/live/SERVER/fullchain.pem: Permission denied

1 4 * * * vmail /usr/bin/doveadm expunge -A mailbox MAILBOXINQUESTION savedbefore 1w

is one of the crontab entries I am seeing this for.

Is there an option to keep doveadm from trying to use the ssl cert from that configuration file? I do not want to have the vmail user having access to the pem cert.

Thank you.

Trever

Quoting "Trever L. Adams" <trever at middleearth.sapphiresunday.org>:

> With a recent update, I started seeing this:
>
> doveconf: Fatal: Error in configuration file
> /etc/dovecot/conf.d/10-ssl.conf line 14: ssl_cert: Can't open file
> /etc/letsencrypt/live/SERVER/fullchain.pem: Permission denied
>
> 1 4 * * * vmail /usr/bin/doveadm expunge -A mailbox
> MAILBOXINQUESTION savedbefore 1w
>
> is one of the crontab entries I am seeing this for.
>
> Is there an option to keep doveadm from trying to use the ssl cert
> from that configuration file? I do not want to have the vmail user
> having access to the pem cert.

Rename your existing 10-ssl.conf to 10-ssl.conf.ext and make it readable by root only. Now create a new 10-ssl.conf file with the following content:

  # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
  ssl = no

  !include_try 10-ssl.conf.ext

This will cause all non-root users to disable SSL and will only enable it when started as root.

On 10/25/20 6:02 AM, Arjen de Korte wrote:

>
>   # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
>   ssl = no
>
>   !include_try 10-ssl.conf.ext

Thank you very much. This did exactly what I needed.
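
A check for the layout described in the reply above, as an added example that is not part of the original thread: it verifies that 10-ssl.conf.ext is closed to group and other, and that 10-ssl.conf holds only `ssl = no` followed by the `!include_try` line. The function name `check_ssl_split` and the optional owner-uid argument (default 0, root) are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread: audit the split SSL config layout.
# Usage: check_ssl_split CONF_DIR [OWNER_UID]
# OWNER_UID defaults to 0 (root); the parameter exists so the check can be
# tried on a scratch directory as an unprivileged user.
check_ssl_split() {
    dir=$1
    want_uid=${2:-0}
    main=$dir/10-ssl.conf
    ext=$dir/10-ssl.conf.ext
    rc=0

    for f in "$main" "$ext"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    # "ls -ldn" prints e.g. "-rw------- 1 0 0 ...": field 1 is the mode
    # string, field 3 the numeric owner.
    set -- $(ls -ldn -- "$ext")
    case $1 in
        ????------*) ;;
        *) echo "$ext: group/other can access it (mode $1)" >&2; rc=1 ;;
    esac
    [ "$3" = "$want_uid" ] || { echo "$ext: owner uid $3, expected $want_uid" >&2; rc=1; }

    # The world-readable file must set "ssl = no" before the include (the
    # order given in the reply) and must not name cert or key files itself.
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*ssl[ \t]*=[ \t]*no[ \t]*$/ { if (!inc) ssl_no = 1 }
        /^[ \t]*!include_try[ \t]+10-ssl\.conf\.ext[ \t]*$/ { inc = 1 }
        /^[ \t]*ssl_(cert|key)[ \t]*=/ { leaked = 1 }
        END { exit !(ssl_no && inc && !leaked) }
    ' "$main" || { echo "$main: expected ssl = no, then !include_try 10-ssl.conf.ext, and no ssl_cert/ssl_key" >&2; rc=1; }

    return $rc
}
```

Run it as `check_ssl_split /etc/dovecot/conf.d`; it returns 0 when the layout matches and prints each mismatch to stderr otherwise.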