Issue [Bug?] Dovecot mail certificate wrong paths

[Daedalus3]

Hi guys,
I'm using Plesk Obsidian 18.0.28 Update 3 with dovecot and a let's encrypt certificate. The certificate is assigned to the mail server via "Tools & Settings --> SSL/TLS Certificates. About every three months my mail certificate expires and supposedly isn't renewed. However, the error seems to lay in the dovecot.conf. The file path pointing to the certificate is wrong. Plesk seems to be expecting:

# PEM encoded X.509 SSL/TLS certificate and private key.
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key =  </etc/dovecot/private/dovecot.pem

While the config shows:

# PEM encoded X.509 SSL/TLS certificate and private key.
ssl_cert = </etc/dovecot/private/ssl-cert-and-key.pem
ssl_key =  </etc/dovecot/private/ssl-cert-and-key.pem

Changing the paths to point to dovecot.pem will work for some time, but sooner or later Plesk(?) will change them pack to point to ssl-cert-and-key.pem.

A fix would be highly appreciated

 

[learning_curve]

Plesk seems to be expecting:

# PEM encoded X.509 SSL/TLS certificate and private key.
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key =  </etc/dovecot/private/dovecot.pem

While the config shows:

# PEM encoded X.509 SSL/TLS certificate and private key.
ssl_cert = </etc/dovecot/private/ssl-cert-and-key.pem
ssl_key =  </etc/dovecot/private/ssl-cert-and-key.pem

A fix would be highly appreciated

@Daedalus3 This is taken directly from a Plesk Support Ticket some time ago:

".... /etc/dovecot/private/ssl-cert-and-key.pem is still defined in /etc/dovecot/dovecot.conf:

grep -iR "ssl-cert-and-key.pem" /etc/dovecot/*
/etc/dovecot/dovecot.conf:ssl_cert = </etc/dovecot/private/ssl-cert-and-key.pem
/etc/dovecot/dovecot.conf:ssl_key = </etc/dovecot/private/ssl-cert-and-key.pem

but the parameters from this config are not actually in use, because they defined in the /etc/dovecot/conf.d/11-plesk-security-ssl.conf config:

grep -iR "dovecot.pem" /etc/dovecot/*
/etc/dovecot/conf.d/11-plesk-security-ssl.conf:ssl_cert = </etc/dovecot/private/dovecot.pem

So unless you customise / modify the file; /etc/dovecot/conf.d/11-plesk-security-ssl.conf there's no fault, so no fix is needed.

 

[Daedalus3]

Thanks for clarifying! There must be other configuration issues then ( /etc/dovecot/conf.d/11-plesk-security-ssl.conf is in place and indeed pointing to dovecot.pem)

 

[learning_curve]

...There must be other configuration issues then...

Sounds like it. To try and understand a little clearer, what did you actually mean here:

...The certificate is assigned to the mail server via "Tools & Settings --> SSL/TLS Certificates. About every three months my mail certificate expires and supposedly isn't renewed...?

Presumably, on that page, you mean this:

Certificate for securing mail:

If so, then more detail here wil help. e.g. Is it a *Wildcard certificate? Is it a different certificate than the one here:

Certificate for securing Plesk

etc etc From what's been posted so far, it sounds like it might be just a small certificate allocation misconfig, somewhere