Securing imap with Letsencrypt

Milan Petrovic petrovic.milan at gmail.com
Wed Aug 1 09:18:38 CEST 2018


Hi all,

I'm running a multidomain Kolab setup on Ubuntu, with Nginx.
I'm trying to make cyrus-imap use the Letsencrypt certificates
without any success (the certs are working fine on the Nginx part,
also working fine for Active-sync connections).
The certificates are stored in /etc/letsencrypt/archive/my_domain/,
chmoded to 640, owned by root (I have tried to have them owned by a
group 'mail' or 'ssl-cert', nothing happens).
Whenever I point the "tls_client_ca_file", "tls_server_cert" and
"tls_server_key" of imapd.conf to letsencrypt certs, I get in the logs
the following:
Aug  1 02:10:50 collab imaps[28524]: unable to get certificate from '/etc/letsencrypt/archive/my_domain/cert6.pem'
Aug  1 02:10:50 collab imaps[28524]: TLS server engine: cannot load server cert/key data.
Aug  1 02:10:50 collab imaps[28524]: error initializing TLS
Aug  1 02:10:50 collab imaps[28524]: Fatal error: tls_init() failed


At some point in the past I see I have commented out the ldap
configuration from the imapd.conf, not sure when and why (both the
base ldap configuration and the addition at the end for the
multidomain setup), but uncommenting it makes the login within
roundcube unsuccessful.

Please help.

Thanks, Milan
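
Added example, not part of the original post: whether a daemon can open a 640 .pem file depends on the account it runs as having search (x) permission on every directory above the file, as well as read permission on the file itself. The sketch below walks a path and reports the first component that denies a given uid and group set. It assumes classic mode bits only (no ACLs, no root override), and the temp tree, the uid and the group membership are constructed for the demonstration.

```python
import os
import tempfile

def allowed(st, uid, gids, need):
    """Mode-bit check only (ignores ACLs and root's override). need: 4=read, 1=search."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & need) == need

def first_blocker(path, uid, gids, start=os.sep):
    """First component from `start` down to `path` that denies uid/gids, else None."""
    path, start = os.path.realpath(path), os.path.realpath(start)  # resolve symlinks
    chain, d = [], os.path.dirname(path)
    while True:
        chain.append(d)
        if d == start or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    for d in reversed(chain):               # every directory needs search (x)
        if not allowed(os.stat(d), uid, gids, 1):
            return d
    return None if allowed(os.stat(path), uid, gids, 4) else path

def demo():
    """Constructed tree shaped like archive/my_domain/cert6.pem inside a temp dir."""
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        archive = os.path.join(base, "archive")
        domain = os.path.join(archive, "my_domain")
        cert = os.path.join(domain, "cert6.pem")
        os.makedirs(domain)
        open(cert, "w").close()
        os.chmod(base, 0o755)
        os.chmod(domain, 0o750)
        os.chmod(cert, 0o640)
        st = os.stat(cert)
        daemon_uid, group = st.st_uid + 1, {st.st_gid}  # made-up non-owner account
        results = []
        # (mode of archive/, groups the daemon account belongs to)
        for archive_mode, gids in ((0o700, group), (0o750, group), (0o755, set())):
            os.chmod(archive, archive_mode)
            hit = first_blocker(cert, daemon_uid, gids, start=base)
            results.append(hit and os.path.relpath(hit, base))
        return results

if __name__ == "__main__":
    print(demo())
```

On a real host, call `first_blocker` with the certificate path from imapd.conf and the uid and group ids of the account the IMAP daemon runs as.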