I run Debian Linux including a mail server, and part of the system is Dovecot, an open source IMAP and POP3 server which has always worked well for me.
Unfortunately it stopped working after an upgrade. With Linux I am in the habit of doing:
to keep the system patched, and normally everything works fine. Occasionally it does not, and then I need to dig in and work out what is wrong and how to fix it. The upgrade to Apache 2.4, for example, was somewhat painful because of changed configuration directives.
This time it was Dovecot that broke. I use Thunderbird to pick up POP3 mail, and nothing was flowing. Eventually I found the problem logged in syslog:
Fatal: Couldn’t parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY
I puzzled over this for some time. The path to the private key was correct in dovecot.conf. The permissions were OK. I regenerated the certificate (it’s self-signed) but still the same.
Eventually I found the solution here. The path to the SSL certs used to look like this:
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
Now it must look like this:
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
Yes, you need that angle bracket, otherwise you get the error.
It used to work, so at some point the Dovecot coders took out the compatibility code that allowed the old-style directive.
Mentioned here in case it helps someone find the solution.
13 thoughts on “Fixing “couldn’t parse private ssl key” in Dovecot”
THX A LOT!!!!!!
Yes, thank you so much!
you save me a lot of time…..
Thanks a lot! Real life saver!
Thank you for having such an easily findable (and correct) answer!
I would like to be original, but I can’t. A BIG THANK YOU!!
BIG THANK YOU!!
thank you !
Immediately fixed the problem I was having with Dovecot authentication. Thanks very much!
It was being a little annoying to debug the error caused by this change
Comments are closed.