I’m conscious that I might be repeating existing posts and I know there has been some work done on this, but I thought I would give my feedback having applied the latest updates, in case anything still needs to be sorted.
Updated to the above versions last night - because there was also a certbot update I then did an SSL renew to make sure all was working.
Checked my email client this morning - it seemed dovecot was down, a missing bracket:
… just to be clear - all of this (missing curly bracket) happened to you with Webmin 1.954 and Virtualmin 6.11? If so, are you sure about that? If so, is there a way to share the dovecot.conf file as it was prior to calling the Let's Encrypt renewal?
dovecot.conf - after updating webmin & virtualmin but before LE cert request:
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
local_name mail.mysystemdomain.com {
ssl_cert = </home/mysystemdomain/ssl.cert
ssl_key = </home/mysystemdomain/ssl.key
}
local_name mysystemdomain.com {
ssl_cert = </home/mysystemdomain/ssl.cert
ssl_key = </home/mysystemdomain/ssl.key
ssl_ca = </home/mysystemdomain/ssl.ca
}
local_name www.mysystemdomain.com {
ssl_cert = </home/mysystemdomain/ssl.cert
ssl_key = </home/mysystemdomain/ssl.key
ssl_ca = </home/mysystemdomain/ssl.ca
}
local_name anotherdomain.com {
ssl_cert = </home/anotherdomain/ssl.cert
ssl_key = </home/anotherdomain/ssl.key
}
...4500 more lines with domains/alias'/sub domains
dovecot.conf - after updating webmin & virtualmin and after subsequent LE cert request:
# A config file can also tried to be included without giving an error if
# it's not found:
!include_try local.conf
local_name mail.mysystemdomain.com {
ssl_cert = </home/mysystemdomain/ssl.combined
ssl_key = </home/mysystemdomain/ssl.key
}
local_name mysystemdomain.com {
ssl_cert = </home/mysystemdomain/ssl.combined
ssl_key = </home/mysystemdomain/ssl.key
}
local_name www.mysystemdomain.com {
ssl_cert = </home/mysystemdomain/ssl.cert
ssl_cert = </home/mysystemdomain/ssl.combined
ssl_key = </home/mysystemdomain/ssl.key
local_name anotherdomain.com {
ssl_cert = </home/anotherdomain/ssl.cert
ssl_key = </home/anotherdomain/ssl.key
}
...4500 more lines with domains/alias'/sub domains
As I said before, adding the missing bracket and dovecot restarted.
Now I’ve posted this I do remember @Joe mentioning something somewhere about extraneous ssl_ca lines in the conf file; perhaps those were causing the problem.
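Added example (not part of the original posts, and not Virtualmin or Dovecot code): a small pre-restart lint for the failure shown above, flagging a local_name block that is never closed and settings repeated inside one block. The sample input is constructed from the posted config; treating a local_name opened inside another local_name as a lost closing brace is an assumption of this sketch.

```python
import re

# Constructed sample: the damaged section from the post above.
SAMPLE = """\
local_name www.mysystemdomain.com {
ssl_cert = </home/mysystemdomain/ssl.cert
ssl_cert = </home/mysystemdomain/ssl.combined
ssl_key = </home/mysystemdomain/ssl.key
local_name anotherdomain.com {
ssl_cert = </home/anotherdomain/ssl.cert
ssl_key = </home/anotherdomain/ssl.key
}
"""

OPEN = re.compile(r"^([\w-]+)\s*(.*?)\s*\{$")   # e.g. "local_name example.com {"
SETTING = re.compile(r"^([\w-]+)\s*=")          # e.g. "ssl_cert = </path"

def lint_dovecot(text):
    """Return [(line_no, message)] for unclosed blocks and duplicate settings."""
    findings, stack = [], []   # stack entries: (kind, name, open_line, seen_keys)
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            kind, name = m.groups()
            outer = [b for b in stack if b[0] == "local_name"]
            # Assumption: local_name inside local_name means a lost '}'.
            if kind == "local_name" and outer:
                findings.append((no, f"local_name {name} opened inside "
                                     f"local_name {outer[-1][1]}: missing '}}'?"))
            stack.append((kind, name, no, set()))
        elif line == "}":
            if stack:
                stack.pop()
            else:
                findings.append((no, "unmatched '}'"))
        elif stack and (s := SETTING.match(line)):
            if s.group(1) in stack[-1][3]:
                findings.append((no, f"duplicate {s.group(1)} in "
                                     f"{stack[-1][0]} {stack[-1][1]}"))
            stack[-1][3].add(s.group(1))
    findings += [(b[2], f"{b[0]} {b[1]} never closed") for b in stack]
    return findings

if __name__ == "__main__":
    for no, msg in lint_dovecot(SAMPLE):
        print(f"line {no}: {msg}")
```

Dovecot's own doveconf -n also parses the configuration and reports syntax errors, so it can be run before the service is restarted.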
100% the O.P is correct.
Virtualmin did the exact same thing on my system for a single domain.
The missing closing bracket took out my entire mail server for every domain on my system.
I had to manually add it back in again. As soon as the missing closing bracket for that single domain was re-added everything started working again and emails were delivered.
I’m pretty pissed off about it and starting to really get fed up with the instability of email with Virtualmin. It’s not good enough for a production system. My clients are now so paranoid, they are blaming me for everything… one even, when they forget to renew their own domain name at their own registrar, they grumble I did it. Another uses a VPN which screws up email deliverability to his email client every time he forgets to turn it off… he now sends me letters complaining I’m causing the trouble. We had a Telstra DNS outage Australia wide on Sunday… clients were even blaming me for that! I can’t offer services that are unstable… it causes chaos.
If this is happening on Virtualmin 6.11, then it’s no good. I will have to take a super close look at this then. I will update this ticket within a few days, when I find something.
There also were superfluous, but correct duplicate entries below that for “example2.com.” Basically the entire entries repeated. I’ve learned this past few weeks that Dove is tolerant of duplicates as long as they are syntactically correct.
Okay, to narrow down the problem. If, before manually requesting certificates, you edit dovecot.conf file and remove all duplicates, only leaving ssl_cert and ssl_key - will it still happen?
So, the issue happens when there are duplicate entries - great finding. Okay, one more thing - if you apply this patch, restart Webmin with /etc/webmin/restart and then take that old config with duplicate entries and re-request the certificate over again - will you still have the initial problem with the missing curly bracket, or after the patch would it produce a working config? If so, what does the config look like now?
Okay, with the patch to feature-ssl.pl applied, and with the duplicate entries having been reinserted into dovecot.conf, manually renewing the cert did not remove the dupe entries, but also didn’t cause the problem with the missing closing bracket.
So in other words, there were no errors in dovecot.conf except the dupes that were already there, and Dove was able to restart successfully.
Okay, this issue has been addressed in the patch below. We will discuss internally, if we’re keeping it this way. Nevertheless, it must work flawlessly now for any kind of configs, even broken ones.
Give it a try patching a file and restarting Webmin afterwards.
Note: Line 1834 doesn’t exist on your system, don’t look for it and don’t be surprised it’s not there.
The simple way to apply the patch, is to run the following command (from SSH console or in-built Webmin command line), for Debian/Ubuntu:
You’ll see the ssl_ca attribute is not correct. FWIW, houseofsilnyevents is a deleted account. It was deleted yesterday, and I patched the code just now.