Why not /etc/dovecot/private? That's where I put my dovecot certs. Dovecot's
needs are a bit different from other software, and so it is unclear whether the
files won't be unique to it. For example, I haven't seen the following before I
read it on the Dovecot wiki:
"The CA file should contain the certificate(s) followed by the matching CRL(s).
Note that the CRLs are required to exist. For a multi-level CA place the
certificates in this order:
Issuing CA cert
Issuing CA CRL
Intermediate CA cert
Intermediate CA CRL
Root CA cert
Root CA CRL"
On 2015/2/16 06:42, Wolfgang Gross wrote:
> On 16 Feb 2015 at 21:59, Nick Edwards wrote:
>
>> This directory in later times is where more and more distros are
>> putting system wide server CA type certs, most distros are moving to
>> this path, so the package maintainer should fix their script, maybe to
>> /etc/ssl/private or such.
>
> Maybe not in /etc/ssl/private for security reasons?
> 10-ssl.conf uses the same file name for certificate and private key; better
> change this, too.
>
>>
>> On 2/16/15, Wolfgang Gross <wgr...@uni-hd.de> wrote:
>>> Hi,
>>>
>>> this is not a genuine Dovecot bug, more a nuisance.
>>> It applies to OpenSuse 13.2 but maybe also to other Linux's.
>>>
>>> The standard installation of Dovecot (especially 10-ssl.conf) places the
>>> certificate dovecot.pem in /etc/ssl/certs.
>>> Sometimes during updates does OpenSuse renew all certificates in
>>> /etc/ssl/certs
>>> and erases dovecot.pem. This blocks further access to the mailbox.
>>>
>>> I found a similar report here:
>>> https://bbs.archlinux.de/viewtopic.php?id=27288
>>>
