How to fix "sslserver: fatal: unable to load
certificate" Qmail error on GNU / Linux
After setupping a brand new Qmail installation following the
Qmailrock's Thibs Qmail
Debian guide , I've come across unexpected reoccuring error
message in
/var/log/qmail/qmail-smtpdssl/ , here is the
message:
@400000004e9807b10d8bdb7c command-line: exec sslserver -e -vR
-l my-mailserver-domain.com -c 30 -u 89 -g 89 \
-x /etc/tcp.smtp.cdb 0 465 rblsmtpd -r zen.spamhaus.org -r
dnsbl.njabl.org -r dnsbl.sorbs.net -r bl.spamcop.net qmail-smtpd
\
my-mailserver-domain.com /home/vpopmail/bin/vchkpw /bin/true
2>&1
@400000004e9807b10dae2ca4 sslserver: fatal: unable to load
certificate
I was completely puzzled initially by the error as the sertificate
file
/var/qmail/control/servercert.pem was an existing and
properly self generated one. Besides that qmail daemontools init
script
/service/qmail-smtpd/run was loading the file just
fine, where the same file failed to get loaded when
sslserver command with the cert argument was invoked via
/service/qmail-smtpdssl/run
It took me quite a while to thoroughfully investigate on what's
wrong with the new qmail install. Thanksfully after almost an hour
of puzzling I found it out and I was feeling as a complete moron to
find that the all issues was caused by incorrect permissions of the
/var/qmail/control/servercert.pem file. To fix up the error
I had to allow all users to have reading permissions over
servercert.pem , e.g.:
linux:~# chmod a+r
/var/qmail/control/servercert.pem
Consequently I did a qmail restart to make sure the new readable
servercert.pem will get loaded from the respective init
script:
linux:~# qmailctl restart
* Stopping qmail-smtpdssl.
* Stopping qmail-smtpd.
* Sending qmail-send SIGTERM and restarting.
* Restarting qmail-smtpd.
* Restarting qmail-smtpdssl.
Now the annoying
sslserver: fatal: unable to load
certificate message is no more and all works fine, Hooray!
;)