Uh. You are practically proposing that all versions after 2.3.7.2 would be serving expired SSL certs, due to some bug? It that was the case, then I would believe we would've been inundated with bug reports for the past year or so. Installation probably breaks because you are using expired cert, from wrong path.
Doublecheck output of `doveconf -nP` and `openssl x509 -text` to make sure you are indeed using correct, non-expired certificate. Aki > On 13/04/2021 07:16 gmail <ljakk...@gmail.com> wrote: > > > Hi, > > I got news: dovecot is the one that is broken, i got setup all other > stuff updated to latest BUT not dovecot, and i got working system. > > > if I upgrade dovecot, the installation breaks. I'm using letencrypt's certs. > > > The version that is good is 2.3.7.2 (3c910f64b) > > > Heiko Schlittermann kirjoitti 12.4.2021 klo 23:20: > > Hi, > > > >> In our case this is an internally used Dovecot Mail server that's used for > > … > >> certificates worth the expense? Just curious on what everyone's opinion is > >> of Digital Certs signed by certificate authorities that are only used > >> inside > >> the LAN. Thoughts? > > Aki is right. On the long run it's easier to use "offcial" certs. Since > > the advent of Let's encrypt it is cheap. > > > > Of course, getting a certificate from Let's Encrypt for an internal > > service isn't as easy as for a public HTTP server, but it is possible. > > > > (We use a dedicated machine, requesting certs for all our internal > > services, employing the DNS challenge with Let's Encrypt. From this > > dedicated machine then we deploy the certs into our internal > > infrastructure using https://gitea.schlittermann.de/heiko/cert-proxy.git) > > > >>>> I also tried creating new .crt and key files using this tutorial: > >>>> https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/ > > No need to use tech blogs. Use "man req" and brain. > > > > openssl req -x509 -new \ > > -out ssl.pem \ > > -keyout ssl.pem -newkey rsa:4096 -nodes \ > > -subj /CN=example.com -days 365 > > > > (or two distinct files for crt and key).
