I just set up a system with 2.2.13 and found the ssl configuration to be boggling. The example config file has # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf #ssl_cert = /etc/openssl/certs/dovecot.pem #ssl_key = /etc/openssl/private/dovecot.pem which looks quite sane. However, that got me Oct 9 14:40:31 foo dovecot: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY and I found that I had to put in the config file: ssl_key = </etc/openssl/private/foo.pem ssl_cert = </etc/openssl/certs/foo.pem and then all was well. Interestingly doveconf did put a < in the converted file from the v1 config file, but I presumed that was a bug. So if it really is the case that for a file one usee "<" (and presumably without < the RHS is the PEM-encoded key???), then the example should have a < and explain this. Before sending the above to the dovecot list, I looked in the sources, and find that pkgsrc patches out the "<"!! But I can't figure out why.
Description: PGP signature