I'm using SSL for dovecot, and dovecot kindly warned me on startup that I 
needed the ssl_dh parameter, which I specified:

        # grep -P '^ssl_dh' /etc/dovecot/conf.d/10-ssl.conf 
        ssl_dh = </etc/dovecot/dh.pem

And I generated the file, as specified in the comment:

        # openssl dhparam -out /etc/dovecot/dh.pem 4096

The file contains the appropriate headers:

        # grep -P '^\-' /etc/dovecot/dh.pem
        -----BEGIN DH PARAMETERS-----
        -----END DH PARAMETERS-----

However, when I restart dovecot (`systemctl restart dovecot`) I get the 
following error:

        lmtp(8221): Error: SSL context initialization failed, disabling SSL: 
Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no 
start line: Expecting: DH PARAMETERS

This message repeats 5 times (presumably for each dovecot service?).

In /var/log/dovecot/imap.log, I see the same error.

I even gave permission to the `dh.pem` file for the *vmail* user and group, but 
that didn't seem to change anything.

Any ideas?


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to