letsencrypt copy to dovecot do not create a pem with intermediate ca


Dovecot need that cert+int. CA are bundled together in the

ssl_cert = <

parameter. When copying to dovecot virtualmin do not bundle the two together therefor the letsencrypt cert is refused as the intermediate CA is not valid. Any idea on how to solve this ?


ps: this is a pain that each server use its own way to install certs…dovecot postfix apache …none has the same. At least apache read allmost all way but dovecot is a pain in the …

1 Like


I still the same issue with the dovecot certs and the intermediate CA:

Copying certificate and key to Dovecot files …
… wrote out certificate and CA in /etc/ssl/certs/dovecot.pem, and key in /etc/ssl/private/dovecot.key

Système d’exploitation Debian Linux 9
Version de Webmin 1.900
Version de Usermin 1.750
Version Virtualmin 6.06-2
Authentic theme version 19.32-beta1

this is not true, the ca is not copied only the certificate and the key listed in /etc/dovecot/conf.d/10-ssl.conf therefor the ssl fails.

Any ideas on what is causing that ? because the ssl.ca is there everything seems fine.


Hi. I’m also having the exact same problem. I’m trying to set up so all my virtual servers will use mail10.mydomain.com as their incoming and outgoing server.
However, I’m having a problem with the dovecot server getting this result from sslshopper.com/ssl-checker:

This is critical to get my server working correctly, else all my clients will get certificate warnings when trying to connect to their mail.
For added info, I created a virtual server of mail10.mydomain.com - and did the installation of letsencrypt from there.

Please, how do we resolve?

Hi Guys.
This is quite a serious matter for me, as my clients are getting certificate errors, especially when using ios. Please can someone help or guide me in the right direction. I’m really loving virtualmin, but don’t want to have to go back to cpanel, but issues like this are critical, and should not be that hard to solve.
Has someone come up with a solution as of yet.

Hi all.
I’ve managed to resolve this at last…
Basically there seems to be a configuration error with virtualmin.
In the dovecot.conf file, it seems that virtualmin is placing entries under the “!include_try local.conf” section. Basically this points to certs for individual virtual servers that are created. What is happening is that the cert is pointing to: /home/username/ssl.cert, whereas it should be pointing to /home/username/ssl.combined. This is causing issues that I was having with dovecot. I went in and commented out the section for the mail server I set up, and now everything works correctly.
This issue needs to be addressed by the devs so that it can be sorted out…