0

I am attempting to set up postfix and dovecot on a LEMP server. I am using letsencrypt certificates. I suspect I am having a permissions problem because I cannot access the /etc/letsencrypt/live folder using cd unless I preface it with the sudo su command.

This seems to be affecting my dovecot configuration because dovecot is giving me the following fatal error:

doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 13: ssl_key: Can't open file /etc/letsencrpyt/

I have checked my letsencrypt certificate and pemchain path in dovecot settings multiple times and they are correct. So it appears that something else is blocking dovecot from accessing my certificate chain. I'm assuming it is the same thing that won't let me access my chain without being root.

The top of my /etc/dovecot/conf.d/10-ssl.conf page looks like this:

##
## SSL settings
##

# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert = </etc/letsencrypt/live/mail.mysite.com/fullchain.pem
ssl_key = </etc/letsencrpyt/live/mail.mysite.com/privkey.pem

My /etc/dovecot/conf.d/10-ssl.conf has the following lines uncommented and edited. I am not actually using mail.mysite.com:

ssl = required
ssl_cert = </etc/letsencrypt/live/mail.mysite.com/fullchain.pem
ssl_key = </etc/letsencrpyt/live/mail.mysite.com/privkey.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = </usr/share/dovecot/dh.pem

The results of:

ls -l /etc | grep letsencrypt
drwxr-xr-x  9 root  root     4096 Feb 20 12:44 letsencrypt

My question is, how can I fix the above error and allow dovecot to access my letsencrypt certificate path correctly?

DanRan

2 Answers

0

Damn spelling. :) Didn't catch this myself the first time. You have letsencrPYt in your config, and it's clearly shown in the error message as well.

Vitauts Stočka
0

To solve this, I just had to spell ssl_key = </etc/letsencrpyt correctly for my ssl_key.

The proper syntax is:

ssl_key = </etc/letsencrypt/live/mail.mysite.com/privkey.pem

NOT

ssl_key = </etc/letsencrpyt/live/mail.mysite.com/privkey.pem
DanRan
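
An added example, not part of the original posts: a POSIX shell check that walks every file path a Dovecot config references as "name = </path" and reports the first component that is missing or cannot be searched, which separates a misspelled directory from a permissions problem. The function names (diagnose_path, check_conf, demo) and the temporary tree with mail.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts. All names are hypothetical.

# Walk an absolute path and report the first component that is missing, or
# the first directory that cannot be searched by the current user.
diagnose_path() {
    path=$1 prefix= result=
    old_ifs=$IFS; IFS=/; set -f
    for part in $path; do
        [ -n "$part" ] || continue
        parent=${prefix:-/}
        prefix="$prefix/$part"
        if [ ! -x "$parent" ]; then
            result="denied: $parent"; break
        elif [ ! -e "$prefix" ]; then
            result="missing: $prefix"; break
        fi
    done
    IFS=$old_ifs; set +f
    if [ -z "$result" ]; then
        if [ -r "$path" ]; then result="ok: $path"; else result="denied: $path"; fi
    fi
    printf '%s\n' "$result"
}

# Diagnose every "name = </absolute/path" file reference in a config file.
check_conf() {
    sed -n 's|^[[:space:]]*\([a-z_][a-z_]*\)[[:space:]]*=[[:space:]]*<\(/.*\)$|\1 \2|p' "$1" |
    while read -r name file; do
        printf '%s -> %s\n' "$name" "$(diagnose_path "$file")"
    done
}

# Constructed sample: a temporary tree whose ssl_key line repeats the
# transposed directory name from the question.
demo() {
    root=$(mktemp -d)
    live="$root/etc/letsencrypt/live/mail.example.test"
    mkdir -p "$live"
    : > "$live/fullchain.pem"; : > "$live/privkey.pem"
    cat > "$root/10-ssl.conf" <<EOF
ssl = required
ssl_cert = <$live/fullchain.pem
ssl_key = <$root/etc/letsencrpyt/live/mail.example.test/privkey.pem
EOF
    check_conf "$root/10-ssl.conf"
    rm -rf "$root"
}

demo
```

Run check_conf as root against the real 10-ssl.conf, since the config comment quoted in the question says Dovecot opens these files before dropping root privileges; run as an ordinary user it reports "denied" at the first directory that user cannot search.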