I am attempting to set up postfix and dovecot on a LEMP server. I am using letsencrypt certificates. I suspect I am having a permissions problem because I cannot access the /etc/letsencrypt/live folder using cd unless I preface it with the sudo su command.
This seems to be affecting my dovecot configuration because dovecot is giving me the following fatal error:
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 13: ssl_key: Can't open file /etc/letsencrpyt/
I have checked my letsencrypt certificate and pemchain path in dovecot settings multiple times and they are correct. So it appears that something else is blocking dovecot from accessing my certificate chain. I'm assuming it is the same thing that won't let me access my chain without being root.
The top of my /etc/dovecot/conf.d/10-ssl.conf file looks like this:
##
## SSL settings
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/letsencrypt/live/mail.mysite.com/fullchain.pem
ssl_key = </etc/letsencrpyt/live/mail.mysite.com/privkey.pem
My /etc/dovecot/conf.d/10-ssl.conf has the following lines uncommented and edited. I am not actually using mail.mysite.com:
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.mysite.com/fullchain.pem
ssl_key = </etc/letsencrpyt/live/mail.mysite.com/privkey.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = </usr/share/dovecot/dh.pem
The results of:
ls -l /etc | grep letsencrypt
drwxr-xr-x 9 root root 4096 Feb 20 12:44 letsencrypt
My question is, how can I fix the above error and allow dovecot to access my letsencrypt certificate path correctly?
Damn spelling. :) Didn't catch this myself first time. You have letsencrPYt in your config, and it's clearly shown in error message as well.
To solve this, I just had to spell ssl_key = </etc/letsencrpyt correctly for my ssl_key. The proper syntax is:
NOT
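A way to tell a misspelled path apart from a permissions problem, as in this thread (added example, not part of the original question or answers): the POSIX shell functions below walk every "setting = <file" reference in a Dovecot config and report the first path component that does not exist, or the directory that cannot be searched. The names classify_path, check_conf and make_demo, and the host name mail.example.test, are made up for this example.

```shell
#!/bin/sh
# Added example: classify each "<file" reference in a Dovecot config file.

# Walk an absolute path component by component and print one of:
#   ok | missing <first absent component> | noaccess <dir> | unreadable <file>
classify_path() (
    cur="" rest=${1#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        if [ -z "$part" ]; then continue; fi
        # Without search (x) permission on the parent, "absent" and "denied"
        # look the same to a non-root user, so report that case separately.
        if [ -n "$cur" ] && [ ! -x "$cur" ]; then echo "noaccess $cur"; return 0; fi
        if [ ! -e "$cur/$part" ]; then echo "missing $cur/$part"; return 0; fi
        cur="$cur/$part"
    done
    if [ -r "$1" ]; then echo "ok"; else echo "unreadable $1"; fi
)

# Extract "setting = <path" lines (commented lines are skipped) and classify them.
check_conf() {
    sed -n 's/^[[:space:]]*\([a-z_][a-z_]*\)[[:space:]]*=[[:space:]]*<[[:space:]]*\([^[:space:]]*\).*$/\1 \2/p' "$1" |
    while read -r key path; do
        echo "$key $path: $(classify_path "$path")"
    done
}

# Constructed sample: a fake certificate tree under directory $1 plus a config
# whose ssl_key line has the same transposed-letter directory as the question.
make_demo() {
    mkdir -p "$1/etc/letsencrypt/live/mail.example.test"
    : > "$1/etc/letsencrypt/live/mail.example.test/fullchain.pem"
    : > "$1/etc/letsencrypt/live/mail.example.test/privkey.pem"
    {
        echo "ssl = required"
        echo "# ssl_key = </commented/out.pem"
        echo "ssl_cert = <$1/etc/letsencrypt/live/mail.example.test/fullchain.pem"
        echo "ssl_key = <$1/etc/letsencrpyt/live/mail.example.test/privkey.pem"
    } > "$1/10-ssl.conf"
}

# Usage: sh check.sh /etc/dovecot/conf.d/10-ssl.conf
if [ "$#" -gt 0 ]; then check_conf "$1"; fi
```

A "missing" result directly under /etc points to a spelling problem even when run as a normal user, because /etc itself is world-searchable; "noaccess" means the check has to be repeated as root.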