Created a server (parked domain). bind configured etc.
Requested Let’s Encrypt certificate - successful
Checked if the SSL website works - success
Copied to Usermin using “Copy to Usermin” and logged in via :20000 - successfully recognized SSL
Same story with Postfix - no problems at all
But when I do this with Dovecot, it copies the files (symlinks to /etc/certs…snakeoils) to /etc/dovecot, but the button does not disappear. The info displayed on Server Configuration > SSL Certificate says that the cert is used by Usermin, Postfix etc. but not Dovecot.
And Dovecot seems to be down. When I push the “Start Dovecot Server” button I get:
Fatal: Dovecot is already running? Socket already exists: /var/run/dovecot/login/login
This bug seems to have existed for years now. Any working solutions for that? What exactly is being done under the hood when you press the Copy to Dovecot button? How can this be fixed manually while we wait for the bugfix?
I’ve run into this issue before as well. First, verify the certificates were in fact copied to the expected directory. It turns out the certificates were copied; however, I needed to update the path to the certificates manually - https://wiki.dovecot.org/SSL/DovecotConfiguration. Once updated, try restarting Dovecot.
I decided to change these two lines in 10-ssl.conf to point directly to the /home/domain.com/ssl.key and ssl.cert files instead of those symlinks, and guess what? It works!
It is my main domain for the server anyway so pointing at auto renewed files should work every two months. The only line I left unchanged was the one pointing to CA file.
I verified the symlinks; they are exactly the same: sizes, content, ownership. No idea what is wrong.
Here are the lines of /etc/dovecot/conf.d/10-ssl.conf for those struggling with these problems too.
##
## SSL settings
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = yes
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
# ssl_cert = </etc/dovecot/private/dovecot.pem
# ssl_key = </etc/dovecot/private/dovecot.key
ssl_cert = </home/vm/foo.com/ssl.cert
ssl_key = </home/vm/foo.com/ssl.key
Only the last two lines were modified.
[Copy to Dovecot] button is still visible but it basically does not work because of that static workaround.
Thanks for following up. That is weird. But, some tools do treat symlinks with suspicion, though I don’t know why it would in this case. I’ll have to do some research and testing when I get some free time.
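A way to check what the ssl_cert and ssl_key lines discussed in this thread actually resolve to, as an added example that is not from any poster or from Virtualmin. It assumes GNU readlink and stat (Debian/Ubuntu), and the function names and the script name are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the files that Dovecot's ssl_cert / ssl_key point to.
# Assumes GNU coreutils (readlink -f, stat -c), as on Debian/Ubuntu.

# Print the path from the last active "<setting> = <path" line; lines that
# are commented out with "#" are ignored.
dovecot_ssl_path() {    # $1 = setting name, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*<[[:space:]]*\([^[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Classify one setting as OK, UNSET, MISSING, SNAKEOIL or LOOSE-PERMS.
check_ssl_file() {      # $1 = setting name, $2 = config file
    path=$(dovecot_ssl_path "$1" "$2")
    [ -n "$path" ] || { echo "UNSET"; return 1; }
    # Follow every symlink so the verdict is about the file Dovecot reads.
    real=$(readlink -f -- "$path" 2>/dev/null || true)
    [ -f "$real" ] || { echo "MISSING"; return 1; }
    # On Debian-style systems a target with "snakeoil" in its name is the
    # self-signed placeholder, not the Let's Encrypt certificate.
    case "$real" in *snakeoil*) echo "SNAKEOIL"; return 1 ;; esac
    if [ "$1" = ssl_key ]; then
        # The private key must not be readable by group or others.
        case "$(stat -c %a "$real")" in
            *00|0) ;;
            *) echo "LOOSE-PERMS"; return 1 ;;
        esac
    fi
    echo "OK"
}

# Usage: sh check-dovecot-ssl.sh /etc/dovecot/conf.d/10-ssl.conf
if [ "$#" -gt 0 ]; then
    for s in ssl_cert ssl_key; do
        printf '%s: %s\n' "$s" "$(check_ssl_file "$s" "$1")"
    done
fi
```

SNAKEOIL on ssl_cert means Dovecot is still serving the placeholder certificate; LOOSE-PERMS on ssl_key is worth checking after pointing Dovecot at a key under /home, since the config comment above asks for the key to be unreadable by anyone but root.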