Thanks for this. I have been on a chase around lots of reports of similar issues with dovecot, and I think I now have a working configuration. But which of the several adjustments to files in dovecot/conf.d I made actually fixed things I cannot tell.
The Postfix error is particularly odd: apparently Postfix is looking in the ssl/certs directory for a private key, yet the main.cf file says:

smtpd_tls_cert_file = /etc/ssl/certs/newpostfix.pem
smtpd_tls_key = /etc/ssl/private/newpostfix.pem

It would seem strange to me if no-one else has encountered the same problem, but I haven't found a successful conjunction of Google search terms to throw up fellow-sufferers.

-- 
Steve Blinkhorn <[email protected]>

You wrote:
>
> On June 10, 2015 1:07:48 PM EDT, [email protected] wrote:
> >I am trying once more to get dovecot working with TLS/SSL enabled,
> >similarly postscript.
> >
> >I saw Greg Troxel's post about missing redirect < characters in the
> >config file, but this doesn't fix my problem. The maillog file says:
> >
> >Jun 10 17:41:28 viking dovecot: imap-login: Fatal: Couldn't parse
> >private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start
> >line: Expecting: ANY PRIVATE KEY
> >Jun 10 17:41:28 viking dovecot: master: Error: service(imap-login):
> >command startup failed, throttling for 60 secs
> >
> >Postfix says:
> >
> >Jun 10 17:28:27 viking postfix/smtpd[534]: warning: cannot get RSA
> >private key from file /etc/ssl/certs/viking.pem: disabling TLS support
> >Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
> >problem: 534:error:0906D06C:PEM routines:PEM_read_bio:no start
> >line:/usr/src/crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c:703:Expecting:
> >ANY PRIVATE KEY:
> >Jun 10 17:28:27 viking postfix/smtpd[534]: warning: TLS library
> >problem: 534:error:140B0009:SSL
> >routines:SSL_CTX_use_PrivateKey_file:PEM
> >lib:/usr/src/crypto/external/bsd/openssl/dist/ssl/ssl_rsa.c:669:
> >
> >I have no real experience of what a parsing of the private key should
> >show, but when I do:
> >openssl asn1parse < private.pem
> >I get:
> >...
> >I think there actually must be something wrong with the private key,
> >but I can't work out what or why.
>
> Your private key should start with a line that looks like "-----BEGIN RSA
> PRIVATE KEY-----"
>
> The command you can use to examine it is:
> openssl rsa -in foo.pem -noout -text
>
> I've got mine in /etc/openssl/certs/dovecot.pem, simply after the
> certificate, but that might just be the way I happen to have dovecot
> configured.
> My postfix config uses a different file with just the private key in it, and
> AFAIK there's no inherent connection between the dovecot and postfix configs.
>
> Eric
>
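
Both log excerpts above carry OpenSSL's "no start line ... Expecting: ANY PRIVATE KEY", which means the file handed to it contains no `-----BEGIN ... PRIVATE KEY-----` block. The script below is an added example, not part of the thread: it works out which file Postfix's smtpd will read the key from (Postfix defaults `smtpd_tls_key_file` to the value of `smtpd_tls_cert_file`) and lists the PEM block labels found in that file. The function names and the simplified main.cf parsing are assumptions of the example.

```shell
#!/bin/sh
# Added example: which file will smtpd read its key from, and does that
# file actually contain a PEM private key block?

# Print the value of parameter $2 in main.cf-style file $1 (last one wins).
# Simplified parser (assumption): no continuation lines, no $name expansion.
conf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# Postfix defaults smtpd_tls_key_file to $smtpd_tls_cert_file, so when that
# exact parameter name is absent, smtpd looks for the key in the cert file.
effective_key_file() {
    key=$(conf_value "$1" smtpd_tls_key_file)
    [ -n "$key" ] || key=$(conf_value "$1" smtpd_tls_cert_file)
    printf '%s\n' "$key"
}

# List the PEM block labels in file $1, e.g. "CERTIFICATE", "RSA PRIVATE KEY".
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Succeed if file $1 has a block that satisfies "ANY PRIVATE KEY".
has_private_key() {
    pem_labels "$1" | grep -q 'PRIVATE KEY$'
}

# Report on the main.cf given as $1; non-zero exit if no key block is found.
check_postfix_key() {
    f=$(effective_key_file "$1")
    labels=$(pem_labels "$f" | tr '\n' ',')
    if has_private_key "$f"; then
        echo "ok: $f contains: $labels"
    else
        echo "FAIL: $f has no private key block (found: $labels)"
        return 1
    fi
}

# Stand-alone use: sh thisscript.sh /etc/postfix/main.cf
if [ "$#" -gt 0 ]; then check_postfix_key "$1"; fi
```

A combined file with the key placed after the certificate, as in the Dovecot setup described in the quoted reply, passes `has_private_key` because both labels are listed.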
