I am configuring a new mailserver. Postfix works and is getting configured 
according to our wishes. 

Dovecot is more stubborn: for some reason I'm not able to understand, it 
refuses to "initialize SSL server context", complaining that "Can't load SSL 
Certificate". I believe I have configured the same certificate (and 
accompanying key) for imap-login that I use for https. But dovecot does not 
agree. 
I looked at error:14187180. All I found were errors in the configuration of 
the certs or keys, which I think I am avoiding.

Two questions:
Please correct me if I'm wrong.
Can you clarify dovecot's error message?

Jaap

Server:
* Rocky Linux 9.6  kernel 5.14.0-570.28.1
* Dovecot 2.3.21.1
* OpenSSL 3.2.2
* Certbot 3.1.0

Https is functioning as expected:
ssl-config:
* Include /etc/letsencrypt/options-ssl-apache.conf
* SSLCertificateFile /etc/letsencrypt/live/radicale.camelopardus.nl/fullchain.pem
* SSLCertificateKeyFile /etc/letsencrypt/live/radicale.camelopardus.nl/privkey.pem
* ssl_cert = </etc/letsencrypt/live/iris.camelopardus.nl/fullchain.pem

test from client: openssl s_client -connect radicale.camelopardus.nl:https
reply:
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let’s Encrypt, CN = E6
verify return:1
depth=0 CN = radicale.camelopardus.nl
verify return:1

Dovecot responds differently (for Thunderbird as well as for openssl):

conf.d/10-ssl.conf:
* ssl_cert = </etc/letsencrypt/live/radicale.camelopardus.nl/fullchain.pem
* ssl_key  = </etc/letsencrypt/live/radicale.camelopardus.nl/privkey.pem

test: openssl s_client -connect radicale.camelopardus.nl:imaps
reply:
CONNECTED(00000003)
write:errno=104
no peer certificate available

For both there is the same error in dovecot's log:

imap-login: Error: Failed to initialize SSL server context: 
Can't load SSL certificate (ssl_cert setting): error:14187180:
SSL routines:ssl_do_config:bad value: section=system_default, cmd=Groups,
arg=X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192:
 
user=<>, rip=2a10:3781:5ab:1:ff51:cbd1:4d54:fb7b, lip=2a10:3781:5ab:10::aaf,
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org