1

Topic: Upgrade to Ubuntu 22.04, iRedMail.crt: Permission denied

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.5.2 MARIADB edition.
- Deployed with: downloadable installer
- Linux/BSD distribution name and version: Ubuntu 22.04
- Store mail accounts in which backend: MySQL
- Web server: Nginx
- Manage mail accounts with iRedAdmin-Pro? No
====

Hi,

Upgraded Ubuntu 20.04 to Ubuntu 22.04. There were a few issues that I solved.
But I am not sure about this one:

In /var/log/syslog there were these lines:

/etc/dovecot/dovecot.conf line 66: ssl_ca: Can't open file /etc/ssl/certs/iRedMail.crt: Permission denied

Search results on the internet suggested commenting out the offending line in /etc/dovecot/dovecot.conf, like:

#ssl_ca = </etc/ssl/certs/iRedMail.crt

I did this and the error went away but I wonder if what I did is correct.
Any thoughts on this?


2

Re: Upgrade to Ubuntu 22.04, iRedMail.crt: Permission denied

It reports "permission denied", you can simply fix the permission issue instead of commenting out the parameter.

3

Re: Upgrade to Ubuntu 22.04, iRedMail.crt: Permission denied

ZhangHuangbin wrote:

It reports "permission denied", you can simply fix the permission issue instead of commenting out the parameter.

Thank you for your reply.

I believe the problem is a problem of newer versions of Dovecot and is described here (cannot leave URLs in message):

Dovecot can’t open ssl_ca file (permission denied)
on: letsencrypt.org

Dovecot Can't load SSL certificate (ssl_cert setting): There is no valid PEM certificate
on: serverfault.com

My dovecot version: 2.3.16 (7e2e900c1a)

From /etc/dovecot/conf.d/10-ssl.conf
---
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
ssl_ca = /etc/ssl/certs/ssl-cert-snakeoil.pem
---

What is the current value of ssl_verify_client_cert?

> doveconf -a | grep ssl_verify_client_cert
---
ssl_verify_client_cert = no
---

This would mean I can safely comment out the line in dovecot.conf.
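
An added example, not part of any post in this thread: a shell check that combines the two things the last post looks at, the `ssl_ca` line and the `ssl_verify_client_cert` value, read from saved `doveconf -a` output. The function names and verdict words are invented for this example, and it assumes a CA certificate should normally be world-readable because it is public data.

```shell
#!/usr/bin/env bash
# Added example: classify the ssl_ca setting from saved `doveconf -a` output.
# Usage: doveconf -a > dump.txt; audit_ssl_ca dump.txt
# Prints "<file-state> <needed|not-needed>".

# Print the value of top-level setting $1 from doveconf-style file $2.
conf_get() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

audit_ssl_ca() {
    conf=$1
    ca=$(conf_get ssl_ca "$conf")
    verify=$(conf_get ssl_verify_client_cert "$conf")

    # Per the 10-ssl.conf comment quoted in the thread, ssl_ca is meant for
    # ssl_verify_client_cert=yes.
    if [ "$verify" = "yes" ]; then need=needed; else need=not-needed; fi

    case $ca in
        "")   state=unset ;;
        "<"*)
            path=${ca#"<"}
            if [ ! -e "$path" ]; then
                state=missing
            # Assumption: "other" read permission is the expected mode for a
            # public CA certificate. -L follows a symlinked certificate.
            elif [ -n "$(find -L "$path" -prune -perm -004 2>/dev/null)" ]; then
                state=world-readable
            else
                state=restricted
            fi ;;
        *)    state=inline ;;  # no "<": the value is used literally, not as a file
    esac
    echo "$state $need"
}

# Constructed demo: an empty stand-in certificate and two config variants.
demo() {
    d=$(mktemp -d)
    : > "$d/ca.crt"; chmod 600 "$d/ca.crt"
    printf 'ssl_ca = <%s\nssl_verify_client_cert = no\n' "$d/ca.crt" > "$d/a.conf"
    audit_ssl_ca "$d/a.conf"     # restricted not-needed
    chmod 644 "$d/ca.crt"
    sed 's/= no$/= yes/' "$d/a.conf" > "$d/b.conf"
    audit_ssl_ca "$d/b.conf"     # world-readable needed
    rm -rf "$d"
}
demo
```

A `restricted needed` or `missing needed` verdict is the case where commenting out the line would not be enough and the file permissions or path have to be fixed instead.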