On 2/5/22 09:11, [email protected] wrote:
Hi all,
I've upgraded a Ubuntu 18.04 server to 20.04. I have done this before
and had some issues so I came prepared. (That part works.)
But on this server I have a new, probably trivial problem, but I just
can't find it out.
Basically clients (Thunderbird) can not connect to cyprus imapd using
TLS, because:
Feb 5 16:02:23 my-server cyrus/imap[353784]: unable to get certificate from
'/etc/ssl/certs/my-server.crt'
Feb 5 16:02:23 my-server cyrus/imap[353784]: TLS server engine: cannot load
cert/key data, may be a cert/key mismatch?
Feb 5 16:02:23 my-server cyrus/imap[353784]: error initializing TLS
This has been working fine before and it is also working fine on other
upgraded servers.
Permissions were my first guess but they look fine, as before. Unless
cyrus runs under a different user/group now, but it doesn't seem like
it. Or if it is running in chroot or something...
Everything is fine if the clients connect over non-ssl/tls protocol.
Any ideas please? Thanks!
I'll go out on a limb and suggest that you need to make the 'cyrus' user
a member of the 'ssl-cert' group (typically GID 114 on Ubuntu):
sudo usermod -a -G ssl-cert cyrus
You'll need to stop and restart cyrus after making this change, so it
catches the new group membership.
Cheers,
-nic
--
Nic [email protected]
https://www.nicbernstein.com
------------------------------------------
Cyrus: Info
Permalink:
https://cyrus.topicbox.com/groups/info/T095c648989aa4da2-Mcbca07b0a041887a6017e30e
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
