I followed these Dovecot installation instructions and everything appeared to work, but I couldn’t get mail. I went into my mail client and retyped the password. I got an error message when it tried to verify the server saying that I had an invalid certificate.
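I tried getting a standalone certificate using certbot, but my attempt failed. It turns out that you need to stop Apache before running certbot with the standalone command, because standalone mode starts its own temporary web server on port 80 to answer the HTTP challenge. Then run: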
sudo certbot certonly --standalone --preferred-challenges http -d mail.mymaildomain.com
This puts a new certificate just for mail in the /etc/letsencrypt/live/mail.mymaildomain.com directory. You need to tell Dovecot where to find the certificate by editing the SSL file.
Look for these lines near the top of the file.
#ssl_cert = </etc/dovecot/dovecot.pem
#ssl_key = </etc/dovecot/private/dovecot.pem
Configure Dovecot
Edit the configuration file to point to the new certificates. Be sure to include the leading < before the file path; this is what tells Dovecot to read the value from that file rather than use the text literally.
ssl_cert = </etc/letsencrypt/live/mail.mymaildomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.mymaildomain.com/privkey.pem
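A small lint for the two settings above, added here as an example and not part of the original post: it reports a setting that is still commented out, a value missing the leading <, or a file that cannot be read. The function names are illustrative, the config file path is supplied by the reader, and it assumes that when a setting appears more than once the last one applies.

```shell
#!/bin/sh
# Added example: lint ssl_cert / ssl_key in a Dovecot SSL config file.
# Usage: sudo sh check_dovecot_ssl.sh /path/to/your/ssl-config-file
# Run as root, since the private key is normally readable by root only.

# Print the value of an active (uncommented) setting.
# Assumption: if the setting appears more than once, the last one applies.
dovecot_setting() {   # $1 = setting name, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$2" |
        tail -n 1
}

# Return 0 if the setting is active, uses the "<file" form and the file is
# readable; 1 = not set, 2 = missing leading '<', 3 = file not readable.
check_file_setting() {   # $1 = setting name, $2 = config file
    value=$(dovecot_setting "$1" "$2")
    if [ -z "$value" ]; then
        echo "$1: not set (is the line still commented out?)"
        return 1
    fi
    case $value in
        "<"*) path=${value#"<"} ;;
        *)
            echo "$1: no leading '<', so '$value' would be used as the literal value"
            return 2
            ;;
    esac
    if [ ! -r "$path" ]; then
        echo "$1: cannot read $path"
        return 3
    fi
    echo "$1: ok ($path)"
}

# Check both settings; return non-zero if either one fails.
check_dovecot_ssl() {   # $1 = config file
    failed=0
    check_file_setting ssl_cert "$1" || failed=1
    check_file_setting ssl_key "$1" || failed=1
    return "$failed"
}

# Run the check when a config file is given on the command line.
if [ "$#" -gt 0 ]; then
    check_dovecot_ssl "$1"
fi
```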
The only other issue I had was with the mail_location. I must have picked mbox format when the messages are in Maildir format. I changed this line in 10-mail.conf.
mail_location = maildir:~/Maildir