
pop3d.pem no start line

Hans_Meiser

Hello,

I get the following error message in my mail logs:

/usr/share/courier-imap/pop3d.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

This happens even with the "Plesk-Default-Cert" in pop3d.pem.

I believe I tried every suggestion from the internet...text block positions, user rights, some modifications in the confs according to the Plesk-how to's etc.

My Configurations are the recommended ones from the Plesk knowledge base.

I must say that my client is Outlook 2003 which is rather old.

Does someone have another idea? My client does not send any certificate.
 
Most probably there are Windows EOL symbols in the certificate. Try to check it with

# dos2unix /usr/share/courier-imap/pop3d.pem
 
Thank you, but double checked with the same result...

couriertls: /usr/share/courier-imap/pop3d.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line
 
Hi Hans_Meiser,

This happens even with the "Plesk-Default-Cert" in pop3d.pem.
Did you change the content of the file "/usr/share/courier-imap/pop3d.pem"? With which software did you edit the file "/usr/share/courier-imap/pop3d.pem"?

I believe I tried every suggestion from the internet...text block positions, user rights, some modifications in the confs according to the Plesk-how to's etc.

My Configurations are the recommended ones from the Plesk knowledge base.
Could you please name the How-To's you used?
Could you please name the KB articles that you followed to configure the certificates or its changes?
 
Hi Hans_Meiser,

Even if you maybe double and triple checked, I recommend to use a "pure" text editor when editing certificates to merge them. As you can see in your case, there are certificate issues, which only result from incorrect pastings, or additional signs, or even bad converts.

I would as well recommend to use both paths
Code:
/usr/share/imapd.pem 
/usr/share/pop3d.pem
AND
Code:
/usr/share/courier-imap/imapd.pem
/usr/share/courier-imap/pop3d.pem
for your certificates, when you save them.
 
Hi,

I created a self-signed cert and only edited it with cat (merging the OpenSSL outputs)

cat /home/xxx/tmp/cert.crt > /usr/share/courier-imap/pop3d.pem
cat /home/xxx/tmp/cert-stripped.key >> /usr/share/courier-imap/pop3d.pem

cat /home/xxx/tmp/cert.crt > /usr/share/courier-imap/imapd.pem
cat /home/xxx/tmp/cert-stripped.key >> /usr/share/courier-imap/imapd.pem

cat /home/xxx/tmp/cert.crt > /usr/share/pop3d.pem
cat /home/xxx/tmp/cert-stripped.key >> /usr/share/pop3d.pem

cat /home/xxx/tmp/cert.crt > /usr/share/imapd.pem
cat /home/xxx/tmp/cert-stripped.key >> /usr/share/imapd.pem

...with the same result.

By the way, I would not believe that the Plesk default cert comes damaged too.

...strange...

but when I use a default cert from an older server the message disappears.

Seems it has to do with the kind of cert.

...double strange...

the older cert/pem bundle has:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----

...and the key seems to be shorter...maybe an older format is involved too.
 
SOLVED:

The all in one-error message "no start line" is misleading.
I hate those messages. They can cause hours, days and weeks of investigations.

My system needs a dhparam section in the pop3d.pem

This is not mentioned in the Parallels Plesk KB...

http://kb.odin.com/en/1062

I'm not sure, but I believe the Plesk default SSL-configuration in /usr/share/courier-imap/ has no dhparam section too.
So this could be a serious configuration- and documentation bug (could lead to a MITM vulnerability).
I took advantage of some PCI compliance optimisations. Maybe they are involved too.

PS:
openssl dhparam -out mysexyserver.com_dhparam.pem 4096
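
The checks this thread walks through (line endings, BEGIN/END markers, and the DH PARAMETERS section that resolved the error for the original poster), as an added shell example that is not from any poster or from Plesk. The function names are hypothetical and the sample bundles are constructed placeholders; only the PEM framing is inspected, not the key material.

```shell
# Added example: structural lint for a Courier pop3d.pem / imapd.pem bundle.

# Print the label of every well-formed BEGIN/END pair, in file order.
# Returns 1 if a marker is unpaired or its END label does not match.
pem_labels() {
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (cur != "") bad = 1
            cur = substr($0, 12, length($0) - 16); next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            label = substr($0, 10, length($0) - 14)
            if (label == cur) print label; else bad = 1
            cur = ""; next
        }
        END { if (cur != "" || bad) exit 1 }
    ' "$1"
}

# Print every problem found; return 0 only for a complete, clean bundle.
check_bundle() {
    rc=0
    grep -q "$(printf '\r')" "$1" && { echo "CRLF line endings (run dos2unix)"; rc=1; }
    labels=$(pem_labels "$1") || { echo "unpaired BEGIN/END marker"; rc=1; }
    for want in 'PRIVATE KEY' 'CERTIFICATE' 'DH PARAMETERS'; do
        printf '%s\n' "$labels" | grep -q "$want\$" || { echo "missing: $want"; rc=1; }
    done
    return $rc
}

# Constructed sample bundles; the body line is a placeholder, not a real key.
make_samples() {
    for l in 'CERTIFICATE' 'RSA PRIVATE KEY' 'DH PARAMETERS'; do
        printf '%s\n' "-----BEGIN $l-----" 'Q09OU1RSVUNURUQ=' "-----END $l-----"
    done > "$1/with-dh.pem"
    # Certificate plus key only, like the cat-merged files in the thread.
    head -n 6 "$1/with-dh.pem" > "$1/cat-merged.pem"
    awk '{ printf "%s\r\n", $0 }' "$1/with-dh.pem" > "$1/crlf.pem"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.pem; do
    echo "== ${f##*/}"; check_bundle "$f" && echo "ok" || true
done
rm -rf "$tmp"
```

To lint a real bundle, call `check_bundle /usr/share/courier-imap/pop3d.pem`; a clean result says the framing is complete, not that the certificate and key match.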
 