Citeren "Trever L. Adams" <tre...@middleearth.sapphiresunday.org>:
With a recent update, I started seeing this:
doveconf: Fatal: Error in configuration file
/etc/dovecot/conf.d/10-ssl.conf line 14: ssl_cert: Can't open file
/etc/letsencrypt/live/SERVER/fullchain.pem: Permission denied
1 4 * * * vmail /usr/bin/doveadm expunge -A mailbox
MAILBOXINQUESTION savedbefore 1w
is one of the crontab entries I am seeing this for.
Is there an option to keep doveadm from trying to use the ssl cert
from that configuration file? I do not want to have the vmail user
having access to the pem cert.
Rename your existing 10-ssl.conf to 10-ssl.conf.ext and make it
readable by root only. Now create a new 10-ssl.conf file with the
following content:
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = no
!include_try 10-ssl.conf.ext
This will cause all non-root users to disable SSL and will only enable
it when started as root.
