Univention Bugzilla – Bug 48247
Let's Encrypt: configure dovecot listener module correctly
Last modified: 2020-02-06 17:11:18 CET
If the local dovecot system is configured to use the Let's Encrypt certificate:
the listener module should also be configured to use the correct cafile while uploading a sieve script for new users:
If this UCR variable is not set, the UCS CA file is used and the sieve upload will fail → new users start without a basic sieve script and spam is placed within the inbox.
When implementing this, make sure to depend on the correct packages, as the UCRv was implemented in bug 41018.
I was wrong: mail/dovecot/sieve/client/cafile was introduced in 2015; in the referenced bug, UCR mail/dovecot/sieve/client/server was introduced.
No, you were correct. Bug #41018 is required for this to work: both the CA and the FQDN that the sieve-client uses must fit.
This bug is about making the Let's Encrypt app automatically set those UCRVs, isn't it?
(In reply to Daniel Tröder from comment #4)
> This bug is about making the Let's Encrypt app automatically set those
> UCRVs, isn't it?
Yes, that was my initial intention. But as we already noticed, dovecot is also able to use SNI and can therefore handle multiple SSL certificates, which would be the much better approach.
UCS 4.4e45 introduced SNI support for dovecot in bug 48485. The letsencrypt app should configure its certificates via SNI in addition to the default