When updating dovecot, my ssl configuration stopped working because ssl_dh parameter was missing in /etc/dovecot/conf.d/10-ssl.conf.
I had to generate dh.pem and add it to 10-ssl.conf myself.

Update has broken Dovecot config, it’s possibile you dont have dh.pem and only fullchain.pem / privkey.pem (Let’s Encrypt)

— FIX —

# openssl dhparam -out /etc/dovecot/dh.pem 4096 -days 3650
Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time………

— CONFIG —

sudo vi /etc/dovecot/conf.d/10-ssl.conf

———————————— EXAMPLE ———————————–

ssl = yes
ssl = required

ssl_cert = </etc/letsencrypt/live/myserver.xyz/fullchain.pem
ssl_key = </etc/letsencrypt/live/myserver.xyz/privkey.pem
ssl_dh = </etc/dovecot/dh.pem

———————————— EXAMPLE ———————————–

Remember to restart dovecot:
# systemctl restart dovecot

Leave a Reply