Dovecot.conf and letsencrypt again


yesterday I’ve got similar errors like in:

During automatic letsencrypt update by virtualmin (Debian 10 buster) some domain entries in
dovecot.conf got scrambled like eggs:

As multiple closing brackets were missing, dovecot didn’t restart after reboot today.

BTW: the “my-domain” and “other-domain” lines (marked in orange) must have been
set wrongly some time before.

Just want to know: as we don’t need these cert lines in dovecot.conf anyway,
is there a setting to switch this behaviour of virtualmin off? I mean - we need
only the mail server’s cert in dovecot and no other.

Best regards,

PS: resolved this by manually removing the superflouus lines. Versions:
webmin:all/virtualmin-universal 1.954
webmin-virtual-server:all/virtualmin-universal 6.11.gpl

Did you do this morning’s updates? I think one of them fixed this.


As far as I know this was fixed by Webmin 1.954. But, I guess the updates didn’t happen on your system until after the LE update.

Hi Richard, Joe,

thanx for your answers. Yes, at the time of the letsencrypt-Run Webmin was perhaps at 1.953 at saturday evening. Update to 1.954 was on sunday before the reboot.

I usually do not use the letsencrypt functionality in webmin/virtualmin,
but “dehydrated” with an own script.

The above errors came from some “leftover” domains, not set to “only renew manually”.

But my question was:

Maybe this wasn’t clear enough. As I use only one host/domain per Server for mail/mx
for all domains, I don’t need all these certificate entries in dovecot.conf at all.

Is there a setting/way to disable entering these unneeded and error prown lines in
dovecot.conf at all? I think something like “postfix per ip” is comparable, isn’t it?

thanx in advance,

I don’t think there is any way to disable it, but I think our priority is fixing it so it doesn’t break Dovecot, and as far as I know, it is fixed. But, if there are still issues, we need to figure out what they are.

But, then again, I do think “one main domain” is still a better and more manageable/reliable practice for mail for most users, so maybe we do need an option to not setup SNI for dovecot.

1 Like

Funny this, my entire mail server went offline because somehow virtualmin mysteriously removed a closing bracket off the end of a single domains ssl directives . I cant believe it, how does this happen from an update exactly?

You could attempt to say i did it, however the mail server config file was auto generated and i havent touched it. By manually adding in the mysteriously missing closing bracket for that one domain resolved the issue immediately and the mail server starter working again.

Hello Joe,

Ok, thanx for your answer - I’ve always setup my servers so that I use only one mail server, and never had to think about the other certificates in dovecot.conf up to now. This “one mail server” has only one drawback AFAIK: if you move only one domain from a server to another, imap/pop3/smtp entries on the clients (and perhaps mx) have to be changed, too.

The good thing is: With one mail server, you have IMHO a better reputation and do need
only one feedback loop per big provider. Usually, if the mail server has only one IP - and sureley only one reverse dns - the mails of all hosted domains comes from this mailname/postfix server domain. So I found it always easier to adjust the autoconfig files with this single server name. If all domains
move to another host, may be you have a failoverip anyway and can move it along, too.

Just my 2¢

1 Like

Sorry to say, but it happened again, on the same server, which had been corrected and upgraded
to webmin 1.954 as stated above.

doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: Missing '}' (section started at /etc/dovecot/dovecot.conf:115)

So I may only assume, that this is not really fixed somewhere.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.