Error: Failed to initialize SSL connection: Couldn't initialize SSL
server context: Can't load SSL certificate (ssl_server_cert_file
setting): error:0A00018F:SSL routines::ee key too small:
not seeing your config, or your certs, here's one quick check.
long ago, i saw your error as a result of weak too-weak DH param.
check,
$ cd /etc/dovecot/
$ grep -i dh_ dovecot.conf conf.d/*
conf.d/10-ssl.conf: dh_file = /etc/ssl/dh4096.pem
$ openssl dhparam -in /etc/ssl/dh4096.pem -text -noout | grep bit
DH Parameters: (4096 bit)
is that param _set_ in your config, and if so, what's the reported bit depth?
iirc(?), on current OpenSSL releases, min bit depth reqt's are
EC Keys: >= 224 bits
RSA keys: >= 2048 bits
DH params: >= 2048 bits
EdDSA: Ed25519 & Ed448 are good
& depths below, e.g. 1024b RSA or DH, are rejected
i.e., verify your cert bit depths. if only to rule them out.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
