Copying SSL cert to Postfix Dovecot

When copying an SSL cert to Webmin, Usermin, Dovecot and Postfix, the following two bugs occur:

1) Copying to Postfix, Virtualmin reports that it wrote out certificates for .cert and .key but doesn't mention .ca (even though it does this)

2) Copying to Dovecot works but the 'Copy to Dovecot' button doesn't disappear afterwards like the others.

It's only small stuff but I've been meaning to report these for a couple of years and never got around to it :)

Status: 
Active

Comments

1) I'll fix that up in the next release.

2) That's odd ... can you check if the cert and key were actually copied to Dovecot?

I can confirm that the cert, key and ca are all successfully copied to Dovecot. I've been using the SSL features a lot over recent months with no problems. But the 'Copy to Dovecot' button is always there.

Yes, copying the cert, key and ca to Dovecot works fine. But the 'Copy to Dovecot' button doesn't disappear.

In your Dovecot config, what do the ssl_cert_file and ssl_cert lines contain exactly?

/etc/dovecot/conf.d/10-ssl.conf contains this:

ssl = yes

ssl_cert = </etc/dovecot/dovecot.pem

ssl_key = </etc/dovecot/private/dovecot.pem

ssl_ca = </etc/dovecot/dovecot.ca.pem

ssl_cipher_list = ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:!MD5:!SSLv2:+SSLv3:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM

(commented lines removed for clarity)

Ok, I see the bug now - that < at the start of the path is confusing Virtualmin. I will fix this in the next release.
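In Dovecot's configuration syntax, a value beginning with "<" means "read this setting's value from the named file", so the path is everything after that character. The Python sketch below is an added illustration, not Virtualmin's code (which is not shown in this thread): it contrasts a parser that keeps the "<" with one that strips it. The helper names already_copied and key_private are hypothetical, and the permission check follows the stock 10-ssl.conf comment about keeping the key file unreadable by anyone but root.

```python
import os
import re

# Constructed sample, based on the 10-ssl.conf lines quoted in this thread.
SAMPLE_CONF = """\
ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
#ssl_ca =
ssl_ca = </etc/dovecot/dovecot.ca.pem
"""

SETTING_RE = re.compile(r"^\s*(ssl_cert|ssl_key|ssl_ca)\s*=\s*(.*?)\s*$")

def raw_settings(conf_text):
    """Naive read: the value exactly as written, '<' included."""
    found = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out setting
        m = SETTING_RE.match(line)
        if m and m.group(2):
            found[m.group(1)] = m.group(2)  # last assignment wins
    return found

def file_paths(conf_text):
    """Corrected read: strip the '<' that means 'load value from this file'."""
    # A value without '<' is inline content, not a path, so it is skipped.
    return {name: value[1:].strip()
            for name, value in raw_settings(conf_text).items()
            if value.startswith("<")}

def already_copied(conf_text, cert_path, key_path, parse=file_paths):
    """Hypothetical check: does Dovecot already point at this cert and key?"""
    p = parse(conf_text)
    return p.get("ssl_cert") == cert_path and p.get("ssl_key") == key_path

def key_private(path):
    """True when the key file grants no access to group or other."""
    return os.stat(path).st_mode & 0o077 == 0

if __name__ == "__main__":
    cert, key = "/etc/dovecot/dovecot.pem", "/etc/dovecot/private/dovecot.pem"
    print("naive parse says copied:", already_copied(SAMPLE_CONF, cert, key, raw_settings))
    print("fixed parse says copied:", already_copied(SAMPLE_CONF, cert, key))
```

With the naive parser the comparison never matches, which is the kind of mismatch that would leave a "Copy to Dovecot" button visible after a successful copy.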

Automatically closed -- issue fixed for 2 weeks with no activity.

Status: Closed (fixed) » Active

This issue is back with the latest update on Ubuntu 18.04

Submitted by NadimD on Fri, 07/26/2019 - 19:37

Hello,

Any news on this issue? I'm getting it on the latest update and any recent versions of Virtualmin. Button 'Copy to postfix' disappears from a virtual server when another one is applied.

The file /etc/dovecot/conf.d/10-ssl.conf still shows "<" at the beginning of paths.

Thank you.

Do you mean that it appears on one server when the button is clicked on another? That's expected as Dovecot can have only one global cert at a time.

Submitted by NadimD on Sun, 07/28/2019 - 19:26

Thank you for your answer @JamieCameron. It's exactly what I was asking. Why does Dovecot have one global? Does it need one global cert for the server? But I was talking about the Postfix button, but Dovecot does the same like you said. So it doesn't have anything to do with the SSL on sent mail?

Don't know button copy dovecot stays

10-ssl.conf:

ssl = yes

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)
#ssl_ca =
ssl_ca = </dovecot.key.ca

CentOS 7.x, still on: Webmin version 1.900, Usermin version 1.751, Virtualmin version 6.06

while update: bugs messing around with IPs, ports, PHP-FPM and MariaDB issues aren't solved yet

Only posting to help others, as it doesn't seem solved, and pointing that out in our version.

For Postfix the host / server-wide certs are OK; only the Dovecot copy cert button isn't doing what is expected

Push button gives:

Copying certificate and key to Dovecot files ..
.. wrote out certificate and CA in /etc/pki/dovecot/certs/dovecot.pem, and key in /etc/pki/dovecot/private/dovecot.pem
Enabling SSL in Dovecot configuration ..
.. done

Did write files to /etc/pki/dovecot/certs/dovecot.pem, and key in /etc/pki/dovecot/private/dovecot.pem. But the button stays visible. Is that OK?

Name match is valid but not on host/server ip and ports 465 and 995 . this is done also for host https://www.virtualmin.com/node/11906

The bug is back again.
I tried to do a fresh install on a new CentOS 7 system. After the install of CentOS I updated the system and then I installed Virtualmin. After the installation I created a server and a Let's Encrypt certificate for it.
I copied the certificates to Webmin, Virtualmin, Postfix and Dovecot, but then I noticed that the "Copy to Dovecot" button was still there.

Then I noticed that Dovecot seems stopped in the Dashboard page. I tried to press the start button but it doesn't start. Then I tried from the terminal with no luck. I get that the dovecot process is already running. I can't manage to stop and start it via the command line. Why is this happening? I also noticed that the Dovecot config file has the "<" character in front of the paths.

I did the above as I was struggling to find out why suddenly all my email clients were not trusting the Let's Encrypt certificate of my server. The only thing I had done was a normal update on Virtualmin and all the email clients started to find my SSL certificate untrusted. So I noticed that Dovecot was listed in the Virtualmin Dashboard as not currently running and I tried to run it. When I decided to make a new fresh install, I was surprised that there was the same problem on a freshly installed CentOS server.

Is this a bug?
Do you know why Dovecot is not starting?