I have computers at two different locations and one computer running dovecot at each place. I sync my emails between these two servers using ssh and I haven't had any problems with this lately until I upgraded dovecot recently.

I now get the following error at location "alfa" when trying to sync with dovecot at location "delta":

Jan 20 16:13:09 doveadm: Error: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_cert: Can't open file /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem: Permission denied

Jan 20 16:13:09 dsync-local(johan at oxyl.net)<FWBVNQN86WH52iQA1AGq6A>: Error: read(vmail at 192.168.119.12) failed: EOF (version not received)

Jan 20 16:13:09 dsync-local(johan at oxyl.net)<FWBVNQN86WH52iQA1AGq6A>: Error: Remote command returned error 89: ssh -q -p 22 -o StrictHostKeyChecking=no -i /datastorage/epost/vmail/.ssh/id_ecdsa -lvmail 192.168.119.12 doveadm dsync-server -ujohan at oxyl.net

Trying to sync from "delta" I get the same error, but the domain is changed in the error message to 'alfa.oxyl.net'.

I can read mail at both locations using STARTTLS. There is no error in dovecot.log when I restart the service. If I disable ssl and comment out ssl_cert/ssl_key in 10-ssl.conf I have no trouble performing sync between servers.

If I run the ssh command in the error message as user vmail I get the same ssl error as above.

Any ideas how to solve this?

/Johan Pålsson

Hello

On 20.01.22 at 16:32, Johan wrote:
>
> Jan 20 16:13:09 doveadm: Error: doveconf: Fatal: Error in configuration
> file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_cert: Can't open file
> /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem: Permission denied

Check permission on /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem

Kind regards,
Christian Mack

--
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung und Lehre
78457 Konstanz
+49 7531 88-4416

I realize I forgot some information...

I'm running Debian 11 on both servers and dovecot is installed using Debian packages, version 2.3.13 (89f716dc2)

/Johan Pålsson

On 2022-01-20 at 16:32, Johan wrote:
> I have computers at two different locations and one computer running
> dovecot at each place. I sync my emails between these two servers using
> ssh and I haven't had any problems with this lately until I upgraded
> dovecot recently.
>
> I now get the following error at location "alfa" when trying to sync
> with dovecot at location "delta"
>
> Jan 20 16:13:09 doveadm: Error: doveconf: Fatal: Error in configuration
> file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_cert: Can't open file
> /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem: Permission denied
>
> Jan 20 16:13:09 dsync-local(johan at oxyl.net)<FWBVNQN86WH52iQA1AGq6A>:
> Error: read(vmail at 192.168.119.12) failed: EOF (version not received)
>
> Jan 20 16:13:09 dsync-local(johan at oxyl.net)<FWBVNQN86WH52iQA1AGq6A>:
> Error: Remote command returned error 89: ssh -q -p 22 -o
> StrictHostKeyChecking=no -i /datastorage/epost/vmail/.ssh/id_ecdsa
> -lvmail 192.168.119.12 doveadm dsync-server -ujohan at oxyl.net
>
>
> Trying to sync from "delta" I get the same error but the domain is
> changed in the error-message to 'alfa.oxyl.net'
>
> I can read mail at both locations using STARTTLS. There is no error in
> dovecot.log when I restart the service. If I disable ssl and comment out
> ssl_cert/ssl_key in 10-ssl.conf I have no trouble performing sync
> between servers.
>
> If I run the ssh-command in the error-message as user vmail I get the
> same ssl-error as above.
>
> Any ideas how to solve this?
>
> /Johan Pålsson
>

On 2022-01-20, Johan <johan at oxyl.net> wrote:
> I have computers at two different locations and one computer running
> dovecot at each place. I sync my emails between these two servers using
> ssh and I haven't had any problems with this lately until I upgraded
> dovecot recently.
>
> I now get the following error at location "alfa" when trying to sync
> with dovecot at location "delta"
>
> Jan 20 16:13:09 doveadm: Error: doveconf: Fatal: Error in configuration
> file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_cert: Can't open file
> /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem: Permission denied

This is a problem that was introduced in 2.3.11 and fixed in 2.3.17. Updating would be better, but as a workaround you can move the ssl_key line to a separate config file, make it only readable by root, and use e.g.

!include_try /etc/dovecot/ssl-keys.conf

to pull it in.
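
The workaround from the last reply, as an added shell example that is not part of the thread: it moves the named top-level settings into a separate file with mode 0600 and adds the `!include_try` line, leaving certificate and key file permissions untouched. The function names, the demo and its paths are assumptions; setting names are passed as arguments, so `ssl_cert` (the setting the quoted error names) can be listed next to `ssl_key`. On a real system it would be run as root so that the include file ends up owned by root.

```shell
#!/bin/sh
# Added example, not from the thread: move chosen top-level settings out of a
# Dovecot config file into a 0600 include file referenced via !include_try.
# split_ssl_settings CONF KEYS_CONF SETTING...
# Returns 0 on change, 1 if no active line matched, 2 on usage or I/O error.
split_ssl_settings() {
    conf=$1; keys=$2
    [ $# -ge 3 ] && [ -f "$conf" ] || return 2
    shift 2
    # ERE for active (uncommented) assignments of the named settings.
    names=$(printf '%s|' "$@"); names=${names%|}
    pat="^[[:space:]]*(${names})[[:space:]]*="
    grep -Eq "$pat" "$conf" || return 1
    tmp=$(mktemp) || return 2
    # Create the include file with mode 0600 before any line is written to it.
    ( umask 077; : >> "$keys" ) && chmod 600 "$keys" || { rm -f "$tmp"; return 2; }
    grep -E "$pat" "$conf" >> "$keys"
    grep -Ev "$pat" "$conf" > "$tmp" || :   # exit 1 only means no line was left
    grep -Fqx "!include_try $keys" "$tmp" ||
        printf '!include_try %s\n' "$keys" >> "$tmp"
    # Overwrite in place so the main file keeps its owner and mode; it has to
    # stay readable by the unprivileged user that runs doveadm.
    cat "$tmp" > "$conf"; rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2
}

# Constructed sample input; hostname and paths are placeholders.
demo() {
    d=$(mktemp -d) || return 2
    cat > "$d/10-ssl.conf" <<'EOF'
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.example.test/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.example.test/privkey.pem
#ssl_key = </etc/dovecot/private/old.pem
EOF
    split_ssl_settings "$d/10-ssl.conf" "$d/ssl-keys.conf" ssl_key || return $?
    echo "$d"   # scratch directory holding both resulting files
}
```

Calling `demo` prints a scratch directory containing the rewritten `10-ssl.conf` and the new `ssl-keys.conf` for inspection.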