Turn Off LetsEncrypt in Dovecot

7 and 8

Is there a switch to turn off writing LetsEncrypt cert paths into the Dovecot conf?

I could have sworn I saw one during a new install a few months back but I can’t find it now.

John Hinton

In Virtualmin → Server Configuration → SSL Certificate there is a tab for Service Certificates. You could disable SSL for Dovecot for only one particular virtual server or domain from here, I guess. I have never had to do this myself, but I think it would work.

Note however this feature is not activated by default so at some point you must have clicked on the button “Copy to Dovecot” to configure Virtualmin to add Let’s Encrypt certificates to Dovecot on a system-wide basis. To disable this on a system-wide basis you will have to make Virtualmin jump through hoops or edit the config files manually.

Hi Calport,

I am pretty sure I never clicked the “Copy to Dovecot” button to add certs system wide on some of these systems, in particular my never CentOS 8 systems. but yet it seems all of my systems are copying the cert paths to dovecot.conf.

I would love to have a switch somewhere that could turn this off system wide for Dovecot. (Whoops, maybe there is?)

After doing some experimenting, it looks like in Virtualmin under any domain with SSL enabled, if I go to “Service Certificates” and set Dovecot to No, it sets all virtual domains to No. This was a surprise as I thought it would only have an effect on just the one domain I was editing. Is this a system wide switch?

It was certainly unclear to me that it would effect all domains instead of just the one I was editing.

I’ve tried this on a GPL CentOS 8 test system and on a Pro CentOS 7 system. After deleting all the entries in dovecot.conf, setting it to ‘No’ and requesting a LetsEncrypt cert manually, no entry was made in dovecot.conf.

I haven’t played a lot with this yet as I don’t have time to do more today fearing it may create issues.



What is the practical goal of not having Dovecot configs updated?

Hi Ilia,

To provide a certificate that is recognized by all email clients, or at the very least most email clients.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.