Topic: LDAP TLS Support
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.2.1
- Deployed with iRedMail Easy or the downloadable installer? Downloadable Installer
- Linux/BSD distribution name and version: Ubuntu 18.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
I have been unable to set up TLS with OpenLDAP. I have traversed these forums and have tried numerous suggestions, but keep hitting walls and have been unable to find a clear step-by-step guide.
I am attempting to enable TLS over port 389 with OpenLDAP. In slapd.conf, after uncommenting:
#TLSCACertificateFile /etc/ssl/certs/iRedMail.crt
#TLSCertificateFile /etc/ssl/certs/iRedMail.crt
#TLSCertificateKeyFile /etc/ssl/private/iRedMail.key
I would restart the slapd service and it would fail with "main: tls init def ctx failed: -1".
Searching these forums indicated it was a permissions issue with AppArmor. (My certs are from Let's Encrypt.)
After changing permissions on my cert files, slapd fails again, but with no provided explanation.
I would provide logs, but I have been unable to find any. Nothing is showing in syslog, openldap, slapd, etc.
Is there a guide anywhere?
Please help