这个错误来自 dovecot,由于权限问题,它无法读取证书,我尝试更改权限,目前我的所有内容都在 644 上,我知道路径只是/etc/letsencrypt/archives
文件路径的链接,所以我真的不知道发生了什么,我不知道链接上的权限如何影响目标
mail dovecot: imap(example_user)<28542><mxY1sjPSlsxHvuNn>:
Panic: Settings check unexpectedly failed: ssl_client_ca_dir:
access(/etc/letsencrypt/live/mail.servicemouse.com) failed: Permission denied
答案1
您需要为目录设置合理的权限链接是(/etc/letsencrypt/live
)并且真实文件(/etc/letsencrypt/archives
)。每次更新证书时都要修复它,因为新文件会获得“安全”权限。以下脚本是我前段时间使用过的:
#!/bin/bash
#use: certbot renew --post-hook /usr/local/bin/certbot-renew-fix-file-access.sh
chmod 0755 /etc/letsencrypt/
chmod 0711 /etc/letsencrypt/live/
chmod 0750 /etc/letsencrypt/live/example.com/
chmod 0711 /etc/letsencrypt/archive/
chmod 0750 /etc/letsencrypt/archive/example.com/
chmod 0640 /etc/letsencrypt/archive/example.com/{cert,chain,fullchain}*.pem
chmod 0640 /etc/letsencrypt/archive/example.com/privkey*.pem
chown root:root /etc/letsencrypt/
chown root:root /etc/letsencrypt/live/
chown root:mail /etc/letsencrypt/live/example.com/
chown root:root /etc/letsencrypt/archive/
chown root:mail /etc/letsencrypt/archive/example.com/
chown root:mail /etc/letsencrypt/archive/example.com/{cert,chain,fullchain}*.pem
chown root:mail /etc/letsencrypt/archive/example.com/privkey*.pem
/etc/init.d/postfix restart
/etc/init.d/cyrus restart
/etc/init.d/apache2 restart
您需要调整主机名、运行服务的组名(如果不是)mail
以及更新后需要获取新证书的服务。