Copying SSL cert to Postfix Dovecot

Submitted by lewisjenkins on Fri, 08/22/2014 - 17:07

When copying an SSL cert to Webmin, Usermin, Dovecot and Postfix, the following two bugs occur :

1) Copying to Postfix, Virtualmin reports that it wrote out certificates for .cert and .key but doesn't mention .ca (even though it does this)

2) Copying to Dovecot works but the 'Copy to Dovecot' button doesn't disappear afterwards like the others.

It's only small stuff but I've been meaning to report these for a couple of years and never got around to it :)

Status: 
Active

Comments

Submitted by JamieCameron on Sat, 08/23/2014 - 01:31

1) I'll fix that up in the next release.

2) That's odd ... can you check if the cert and key were actually copied to Dovecot?

Submitted by lewisjenkins on Mon, 08/25/2014 - 07:00

I can confirm that the cert, key and ca are all successfully copied to Dovecot. I've been using the SSL features a lot over recent months with no problems. But the 'Copy to Dovecot' button is always there.

Submitted by lewisjenkins on Mon, 08/25/2014 - 08:17

Yes, copying the cert, key and ca to Dovecot works fine. But the 'Copy to Dovecot' button doesn't disappear.

Submitted by JamieCameron on Mon, 08/25/2014 - 13:27

In your Dovecot config, what do the ssl_cert_file and ssl_cert lines contain exactly?

Submitted by lewisjenkins on Thu, 08/28/2014 - 17:21

/etc/dovecot/conf.d/10-ssl.conf contains this:

ssl = yes

ssl_cert = </etc/dovecot/dovecot.pem

ssl_key = </etc/dovecot/private/dovecot.pem

ssl_ca = </etc/dovecot/dovecot.ca.pem

ssl_cipher_list = ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:!MD5:!SSLv2:+SSLv3:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM

(commented lines removed for clarity)

Submitted by JamieCameron on Thu, 08/28/2014 - 17:35

Ok, I see the bug now - that < at the start of the path is confusing Virtualmin. I will fix this in the next release.

Submitted by Issues on Thu, 09/11/2014 - 17:41

Automatically closed -- issue fixed for 2 weeks with no activity.

Submitted by lawk on Wed, 05/22/2019 - 01:35

This issue is back with latest update on ubuntu 18.04

NadimD's picture
Submitted by NadimD on Fri, 07/26/2019 - 19:37

Hello,

Any news on this issue ? I'm getting it on the latest update and any recent verions of VirtualMin. Button 'Copy to postfix" disappear from a virtual server when another one is applied.

The file /etc/dovecot/conf.d/10-ssl.conf still shows "<" at the beginning of paths.

Thank you.

Submitted by JamieCameron on Sun, 07/28/2019 - 19:13

Do you mean that it appears on one server when the button is clicked on another? That's expected as Dovecot can have only one global cert at a time.

NadimD's picture
Submitted by NadimD on Sun, 07/28/2019 - 19:26

Thank you for your answer @JamieCameron. It's excatly what I was asking. Why does Dovecot have one global ? It needs one global cert for the server ? But I was talking about the Postfix button, but Dovecot does the same like you said. So it doesn't have anything with the SSL on sent mail ?

Submitted by Jfro on Tue, 08/06/2019 - 07:50

Don't know button copy dovecot stays

10-ssl.conf:

ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
#ssl_ca =
ssl_ca = </dovecot.key.ca

centos 7 x still on: Webmin version 1.900 Usermin version 1.751 Virtualmin version 6.06

while update: bugs messing arround with ip's ports php fpm and mariadb issues aren't solved yet

Only posting to help others, while it doesn't seemed solved , and pointing out to that in our version.

For Postfix the host / server wide certs are ok only dovecot copy cert button isn't doing what expected

Push button gives:

Copying certificate and key to Dovecot files ..
.. wrote out certificate and CA in /etc/pki/dovecot/certs/dovecot.pem, and key in /etc/pki/dovecot/private/dovecot.pem
Enabling SSL in Dovecot configuration ..
.. done

Did write files to /etc/pki/dovecot/certs/dovecot.pem, and key in /etc/pki/dovecot/private/dovecot.pem But the button stays vissible. is that ok?

Name match is valid but not on host/server ip and ports 465 and 995 . this is done also for host https://www.virtualmin.com/node/11906

Submitted by chill_Surf on Mon, 10/14/2019 - 18:55

The bug is back again.
I tried to do a fresh install on a new CentOS 7 system, after install of CentOS I updated the system and then I installed Virtualmin. After the installation I created a server and a Let's Encrypt certificate for it.
I Copied the certificates to webmin,virtualmin,postfix, dovecot but then i noticed that the "Copy to Dovecot" button was still there.

Then I noticed that Dovecot seems stopped in the Dashboard page. I tried to press on start button but it doesnt start. Then I tried from terminal with no luck. I get the dovecot process is already running. I cant manage to stop and start it via command line. Why is this happening? I also noticed that the dovecot config file has the "<" character in front of the paths.

I did the above as I was struggling to find out why suddenly all my email clients were not trusting the Lets Encrypt secrtificate of my server. The only thing I had done was a normal update on virtualmin and all the email clients started to find my ssl certificated untrusted. So I noticed that Dovecot was listed in Virtualmin Dashboard as not currently running and I tried to run it. When I decided to make a new fresh install, I was surprised that there was the same problem in a fresh installed Centos Server.

Is this a bug?
Do you know why Dovecot is not starting?

Submitted by NikosGr on Mon, 11/04/2019 - 12:06

This post has been unanswered and i have the EXACT SAME PROBLEM. COULD SOMEBODY HELP ME PLEASE?

Submitted by toli on Mon, 11/04/2019 - 16:04 Pro Licensee

Try this:
Edit /etc/dovecot/dovecot.conf and check it. If there is lines with certs that You deleted - then delete those line and start dovecot. Sometimes when user delete domain Virtualmin dont remove the ssl cert path from /etc/dovecot/dovecot.conf and You need do this manually.

Submitted by NikosGr on Mon, 11/04/2019 - 16:22

I see. By removing virtual servers superhoat.gr and recreating i created a state were:

This SSL certificate is already being used by : Webmin (superhost.gr), Webmin, Usermin (host superhost.gr), Usermin, Dovecot (host superhost.gr), Postfix, ProFTPD

Why it has 2 Webmins, 2 Usermins and Dovecot with the domain on parenthesis?

How can i make it look properly as Webmin, Usermin, Dovecot, Postfix, ProFTPD without duplicates?

Submitted by acosonic on Wed, 01/22/2020 - 04:48

This problem still persists.

I'm on clean Ubuntu 18.04 install.

Created a host called same like system's hostname.

Obtained SSL via Let's encrypt.

Copied everywhere, however problem still persists.

Copy to dovecot button remained...