[GH-ISSUE #2589] Dovecot permission denied error when trying to delete identities #1646

Closed
opened 2026-02-27 11:18:20 +03:00 by kerem · 7 comments

Originally created by @jcharles-cj on GitHub (Aug 30, 2022).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/2589

`Failed to retrieve mailbox location (b"doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 13: ssl_cert: Can't open file /etc/letsencrypt/live/mydomain.com/fullchain.pem: Permission denied\n")`

This is a fresh install of Modoboa and I have tried changing the permissions and error still persists.

System:
Debian 11
Dovecot version: 2.3.13 (89f716dc2)

kerem closed this issue 2026-02-27 11:18:21 +03:00

@jcharles-cj commented on GitHub (Aug 30, 2022):

Update: I did this workaround and it works now, but is it appropriate?
https://modoboa-wiki.herokuapp.com/en/dovecot-failed-to-retrieve-mailbox-location-error#fix-by-using-commands


@Spitfireap commented on GitHub (Aug 30, 2022):

Duplicate of #2570, the relevant PR is here modoboa/modoboa-installer#427 :)


@ankeshanand1 commented on GitHub (Aug 4, 2023):

I am having the same issue. Any fixes? It was working so far until I tried deleting domain and mailboxes.

```
root@mailserver:~# service dovecot status
● dovecot.service - Dovecot IMAP/POP3 email server
     Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-08-04 15:16:12 EDT; 7min ago
       Docs: man:dovecot(1)
             http://wiki2.dovecot.org/
   Main PID: 21184 (dovecot)
      Tasks: 6 (limit: 4660)
     Memory: 6.6M
        CPU: 537ms
     CGroup: /system.slice/dovecot.service
             ├─21184 /usr/sbin/dovecot -F
             ├─21187 dovecot/anvil
             ├─21188 dovecot/log
             ├─21189 dovecot/config
             ├─21799 dovecot/stats
             └─21908 dovecot/auth
```

@Spitfireap commented on GitHub (Aug 4, 2023):

@ankeshanand1 Can you check that `/etc/dovecot/conf.d/10-ssl.conf` contains `!include_try /etc/dovecot/conf.d/10-ssl-keys.try` and that `/etc/dovecot/conf.d/10-ssl-keys.try` has 600 permission?


@ankeshanand1 commented on GitHub (Aug 4, 2023):

@Spitfireap Here is the error coming from modoboa: `doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 52: ssl_cert: Can't open file /etc/letsencrypt/live/server.somehostname.com/fullchain.pem: Permission denied\n`

`10-ssl.conf` does contain `!include_try /etc/dovecot/conf.d/10-ssl-keys.try` but it's commented out and `/etc/dovecot/conf.d/10-ssl-keys.try` is 600.

`10-ssl.conf` config for SSL:

```
ssl_cert = </etc/letsencrypt/live/server.somehostname.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/server.somehostname.com/privkey.pem
```

dovecot is able to start successfully without any permission denied errors but Modoboa shows error when deleting the domains or identities.

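The check requested in the exchange above, as an added example that is not part of the thread and is not Modoboa or Dovecot code: it reports whether a config file has an active `!include_try` line, whether it still reads certificate or key files directly through `ssl_cert = <file` / `ssl_key = <file`, and whether the included file is mode 600. The function names are hypothetical, and the config path is passed as an argument.

```shell
#!/bin/sh
# Added example: audit the 10-ssl.conf / 10-ssl-keys.try split from this thread.
# Function names are hypothetical; nothing here is Modoboa or Dovecot code.

# Print the target of every uncommented "!include_try <file>" line.
active_include_try() {
    sed -n -E 's/^[[:space:]]*!include_try[[:space:]]+([^[:space:]#]+).*/\1/p' "$1"
}

# Print files read by uncommented "ssl_cert = <file" / "ssl_key = <file" lines.
direct_tls_files() {
    sed -n -E 's/^[[:space:]]*ssl_(cert|key)[[:space:]]*=[[:space:]]*<[[:space:]]*([^[:space:]#]+).*/\2/p' "$1"
}

# Return 0 when the config matches the layout asked about, 1 otherwise.
audit_ssl_conf() {
    conf=$1
    rc=0
    keys=$(active_include_try "$conf")
    if [ -z "$keys" ]; then
        echo "FAIL: no active !include_try line in $conf"
        rc=1
    fi
    # A "<file" value is opened whenever the config is parsed, so any account
    # that runs doveconf on this file needs read access to it.
    for f in $(direct_tls_files "$conf"); do
        echo "FAIL: $conf reads $f directly"
        rc=1
    done
    for k in $keys; do
        if [ ! -e "$k" ]; then
            echo "WARN: $k not found"
            continue
        fi
        perms=$(ls -ld "$k" | cut -c1-10)
        if [ "$perms" != "-rw-------" ]; then
            echo "FAIL: $k is $perms, expected -rw------- (600)"
            rc=1
        fi
    done
    return $rc
}

# Usage: sh audit.sh /etc/dovecot/conf.d/10-ssl.conf
if [ $# -gt 0 ]; then
    audit_ssl_conf "$1"
fi
```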

@ankeshanand1 commented on GitHub (Aug 4, 2023):

Surprisingly, I am able to delete new domains that I just added but not the old ones!


@ankeshanand1 commented on GitHub (Aug 4, 2023):

I logged into vmail user and found out that vmail was in fact not able to access /etc/letsencrypt when user owners were dovecot:dovecot whereas it worked fine earlier. Created a new group ssl, added all relevant owners to the group, made vmail the owner of /etc/letsencrypt and all is well now!
