imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate ee key too mall

dovecot imap

Upgraded my server to 20.04. Now I can't get IMAP working through dovecot. I get:

Aug  1 23:25:53 defaria dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small: user=<>, rip=184.182.63.133, lip=208.113.131.137, session=<iKgXGN+rCIC4tj+F>

I found many solutions to this problem but none seem to work. I've generated and re-generated server keys, signing certificates, and the like and configured dovecot to look at them yet all I get is this cryptic error message. I had this all configured nicely before and just updating from 18.04 -> 20.04 broke this.

How can I fix this? Step by step... How to I supposed generate a cert and a key and properly configure them into dovecot so that imap works again?

Funny thing is I can drive a session through telnet to imap and I can log in an access messages. But when I try to do the same with my mail client (thunderbird) I get the above error written to /var/log/mail.log


Solution 1:

I needed to add the following to my /etc/dovecot/conf.d/10-ssl.conf file:

ssl_dh = </usr/share/dovecot/dh.pem

The dh.pem file did already exist in my case, but YMMV.

Solution 2:

The answer to this is that your dh.pem file does not have enough bits. Ubuntu provides one in /etc/dovecot and /usr/share/dovecot. The later of the two directories has one of enough bits (4096).

I think (not tested for now) that you can also generate your own dh.pem file with the following command:

openssl dhparam -out dh.pem 4096

Then simply add the line:

ssl_dh=</your/dir/here/dh.pem

To /etc/dovecot/conf.d/10-ssl.conf (including the < character before the /)

Solution 3:

None of these solutions worked for me, as the /usr/share/dovecot/dh.pem already existed and was the required 4096 bit.

Turns out the solution was as simple as deleting the /var/lib/dovecot/ssl-parameters.dat file, then restarting dovecot using:

sudo systemctl restart dovecot

Related

How to pass a program and its arguments to startx
Lubuntu default keyboard shortcuts for always on top, normal, maximize
Make Home Partition Size Larger and Reduce Root Partition Size
How do symbolic links work in Dropbox?
Nvidia Geforce 820M GPU problem on mainly ubuntu-based distros
Show side and top bar not working on all monitors
How to install scanner brother dcp-7030 on ubuntu
Format numbers in JavaScript similar to C#
Is JavaScript supported in an email message?
How can I render an 'atmosphere' over a rendering of the Earth in Three.js?
How do I select an element based on the state of another element in the page with CSS?
How do I check if the user is pressing a key?