Author Topic: [SOLVED] TLS Problem messing up Dovecot & ClamAV  (Read 7838 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
[SOLVED] TLS Problem messing up Dovecot & ClamAV
« on: December 07, 2016, 08:42:29 PM »
I recently tried to install Letsenycrpt but it gave me a bunch of Error message, so i resorted to the good old self signed certificates. I generated certificate the usual way but it was giving me error message that my .crt were empty. I noticed that my attempt to install Letsencrypt created a whole bunch of dummy certificates. I had to delete all of them, start all over and it worked.

Now i have a problem. Here is the error message.

Starting Dovecot Imap: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 105: ssl_cert: Can't open file /etc/pki/tls/certs/CPWeb1.******.***.crt: No such file or directory
[FAILED]

So dovecot is trying to opên with the old certificate so it wont start. I manually edited dovecot.conf with the correct path and file name and now dovecot start and works just fine, but ClamAV crashes and gives permission errors.

If i rebuild or restart all Mail services, the config with the old certificate comes back and i am back to the same old problem. So here is my question. where do i go to update the certificate path to the proper one ??

Please help, i am banging my head against the wall.
« Last Edit: December 07, 2016, 10:23:56 PM by dukkha »

Offline
*
Re: [SOLVED] TLS Problem messing up Dovecot & ClamAV
« Reply #1 on: December 07, 2016, 10:31:12 PM »
Rebuild of email server overwite any change made in .config files. The name of the certificate HAS to match server Hostname. The only way to pemenently fix the issue is to have to hostname matching the certificate or the TLS Matching the Hostname.

E.g. test.server.com will not work with tls like server.crt
      test.server.com will work with test.server.crt
      server.com will not work with test,server.crt
      server.com will work with sever.crt

It is frustrating and confining not to be able to modify conf files permenantly