Re: sendmail complains about missing ca-bundle.crt

Tue, 09 Jun 2026 05:54:12 -0700 

On 6/9/26 3:45 AM, [email protected] wrote:


On startup, sendmail service complains:


Jun  9 11:07:23 e7 sendmail[4117369]: starting daemon (8.18.2): 
SMTP+queueing@01:00:00
Jun  9 11:07:23 e7 sendmail[4117369]: STARTTLS=server: file 
/etc/pki/tls/certs/ca-bundle.crt unsafe: No such file or directory



sendmail log shows messages like this whenever mail is sent through 
tip.net.au which requires TLS



Jun  9 03:47:21 e7 sendmail[3995173]: STARTTLS=client: file 
/etc/pki/tls/certs/ca-bundle.crt unsafe: No such file or directory
Jun  9 03:47:21 e7 sendmail[3995173]: STARTTLS=client, error: load 
verify locs /etc/pki/tls/certs, /etc/pki/tls/certs/ca-bundle.crt 
failed: 0
Jun  9 03:47:21 e7 sendmail[3995173]: STARTTLS=client, 
relay=mx1.tip.net.au., version=TLSv1.3, verify=FAIL, 
cipher=TLS_AES_256_GCM_SHA384, bits=256/256


The mail is still accepted and delivered


What is the correct way to create the missing ca-bundle.crt file? Or 
is it a misconfigured sendmail?



I note that with the f44 upgrade I received a new sendmail.cf.rpmnew 
but no sendmail.mc, which I need to adjust.


sendmail.mc contains these lines:

define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/private/sendmail.key')dnl


The above confCACERT file does not exist. 'dnf provides' finds no 
source for this file.

In which case what is the correct way to fix the configuration?


Checked the current package (sendmail-8.18.2-2.fc44.x86_64.rpm) and it 
has the same files nominated.



TIA


I use /etc/ssl/certs/ca-bundle.crt, but that just points to 
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem



The release notes for F44 mentioned something about no longer 
including /etc/pki/tls/certs/ca-bundle.crt, if I recall correctly.


-- Mark


--
_______________________________________________
users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new






















					Reply via email to