FS#68733 - [dovecot] doveadm not able to access certificates - permission error
Attached to Project:
Community Packages
Opened by F_Heday (fheday) - Tuesday, 24 November 2020, 15:13 GMT
Last edited by Johannes Löthberg (demize) - Sunday, 06 December 2020, 20:54 GMT
Opened by F_Heday (fheday) - Tuesday, 24 November 2020, 15:13 GMT
Last edited by Johannes Löthberg (demize) - Sunday, 06 December 2020, 20:54 GMT
|
Details
Description:
Can't login due to doveadm not able to access certificates. If tested on the command line, I get: # sudo -u postfix doveadm pw -s BLF-CRYPT -p test doveconf: Fatal: Error in configuration file /etc/dovecot/ssl-keys.conf line 1: ssl_cert: Can't open file /etc/letsencrypt/live/xxxxxx.xxx/fullchain.pem: Permission denied and as normal user: doveadm pw -s BLF-CRYPT -p test doveconf: Fatal: Error in configuration file /etc/dovecot/ssl-keys.conf line 1: ssl_cert: Can't open file /etc/letsencrypt/live/xxxxxx.xxx/fullchain.pem: Permission denied I also find the same problem in the system logs. here are my certificates directory: # ls -lah total 12K drwxr-xr-x 2 root root 4.0K Nov 9 00:03 . drwxr-xr-x 3 root root 4.0K Dec 27 2019 .. lrwxrwxrwx 1 root root 36 Nov 9 00:03 cert.pem -> ../../archive/xxxx.xxx/cert6.pem lrwxrwxrwx 1 root root 37 Nov 9 00:03 chain.pem -> ../../archive/xxxx.xxx/chain6.pem lrwxrwxrwx 1 root root 41 Nov 9 00:03 fullchain.pem -> ../../archive/xxxx.xxx/fullchain6.pem lrwxrwxrwx 1 root root 39 Nov 9 00:03 privkey.pem -> ../../archive/xxxx.xxx/privkey6.pem -rw-rw-rw- 1 root root 692 Dec 27 2019 README I used to be able to run without any problems. package version: community/postfixadmin 3.2.4-1 dovecot.conf: protocols = imap sieve #pop3 auth_mechanisms = plain passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf } userdb { driver = sql args = /etc/dovecot/dovecot-sql.conf } service auth { unix_listener auth-client { group = postfix mode = 0660 user = postfix } user = root } mail_home = /home/vmail/%d/%n mail_location = maildir:~ #ssl_cert = </etc/letsencrypt/live/xxxxx.xx/fullchain.pem #ssl_key = </etc/letsencrypt/live/xxxxxx.xx/privkey.pem ### RSPAMD ### protocol lmtp { postmaster_address = postmaster@xxxx.xxx mail_plugins = $mail_plugins sieve } protocol imap { mail_plugins = $mail_plugins imap_quota imap_sieve quota } service managesieve-login { inet_listener sieve { port = 4190 } } service managesieve { process_limit = 1024 } plugin { # sieve = file:~/sieve;active=~/.dovecot.sieve sieve_plugins = sieve_imapsieve sieve_extprograms sieve_before = /var/mail/vmail/sieve/global/spam-global.sieve sieve = file:/var/mail/vmail/sieve/%d/%n/scripts;active=/var/mail/vmail/sieve/%d/%n/active-script.sieve imapsieve_mailbox1_name = Spam imapsieve_mailbox1_causes = COPY imapsieve_mailbox1_before = file:/var/mail/vmail/sieve/global/report-spam.sieve imapsieve_mailbox2_name = * imapsieve_mailbox2_from = Spam imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_before = file:/var/mail/vmail/sieve/global/report-ham.sieve sieve_pipe_bin_dir = /usr/bin sieve_global_extensions = +vnd.dovecot.pipe } !include_try ssl-keys.conf |
This task depends upon
Closed by Johannes Löthberg (demize)
Sunday, 06 December 2020, 20:54 GMT
Reason for closing: Not a bug
Additional comments about closing: As specified in the error message, those users aren't allowed to read that file, so fix your permissions.
Sunday, 06 December 2020, 20:54 GMT
Reason for closing: Not a bug
Additional comments about closing: As specified in the error message, those users aren't allowed to read that file, so fix your permissions.