Hi all,I've upgraded a Ubuntu 18.04 server to 20.04. I have done this before and had some issues so I came prepared. (That part works.)But on this server I have a new, probably trivial problem, but I just can't find it out.Basically clients (Thunderbird) can not connect to cyprus imapd using TLS, because:Feb 5 16:02:23 my-server cyrus/imap[353784]: unable to get certificate from '/etc/ssl/certs/my-server.crt' Feb 5 16:02:23 my-server cyrus/imap[353784]: TLS server engine: cannot load cert/key data, may be a cert/key mismatch? Feb 5 16:02:23 my-server cyrus/imap[353784]: error initializing TLSThis has been working fine before and it is also working fine on other upgraded servers.Permissions were my first guess but they look fine, as before. Unless cyrus runs under a different user/group now, but it doesn't seem like it. Or if it is running in chroot or something...Everything is fine if the clients connect over non-ssl/tls protocol.Any ideas please? Thanks!
I'll go out on a limb and suggest that you need to make the 'cyrus' user a member of the 'ssl-cert' group (typically GID 114 on Ubuntu):
sudo usermod -a -G ssl-cert cyrusYou'll need to stop and restart cyrus after making this change, so it catches the new group membership.
Cheers,
-nic
-- Nic Bernstein nic@xxxxxxxxxxxxxxxx https://www.nicbernstein.com
