Permission denied error for a LetsEncrypt certificate

This error comes from dovecot, which cannot read the certificate because I tried changing the permissions. Currently I have everything at 644. I understand the path is just a link to the /etc/letsencrypt/archives file path, so I really don't know what is going on; I don't know how the permissions on a link affect the target.

mail dovecot: imap(example_user)<28542><mxY1sjPSlsxHvuNn>: 
 Panic: Settings check unexpectedly failed: ssl_client_ca_dir: 
 access(/etc/letsencrypt/live/mail.servicemouse.com) failed: Permission denied

Answer 1

You need to set sensible permissions on both directories: the links (/etc/letsencrypt/live) and the real files (/etc/letsencrypt/archives). And fix them every time the certificate renews, because the new files get "secure" permissions. The following is a script I used a while ago:

#!/bin/bash

#use: certbot renew --post-hook /usr/local/bin/certbot-renew-fix-file-access.sh

# Every directory on the way down needs the search (x) bit for the group that
# reads the certificates. live/ only holds symlinks; the real files are in archive/.
chmod 0755 /etc/letsencrypt/
chmod 0711 /etc/letsencrypt/live/
chmod 0750 /etc/letsencrypt/live/example.com/
chmod 0711 /etc/letsencrypt/archive/
chmod 0750 /etc/letsencrypt/archive/example.com/
# Certificate files and the private key are readable by owner and group only.
chmod 0640 /etc/letsencrypt/archive/example.com/{cert,chain,fullchain}*.pem
chmod 0640 /etc/letsencrypt/archive/example.com/privkey*.pem

# The per-host directories and files belong to the group the daemons run as
# (here "mail"); the parent directories stay root-only.
chown root:root /etc/letsencrypt/
chown root:root /etc/letsencrypt/live/
chown root:mail /etc/letsencrypt/live/example.com/
chown root:root /etc/letsencrypt/archive/
chown root:mail /etc/letsencrypt/archive/example.com/
chown root:mail /etc/letsencrypt/archive/example.com/{cert,chain,fullchain}*.pem
chown root:mail /etc/letsencrypt/archive/example.com/privkey*.pem

# Restart the services so they load the renewed certificate.
/etc/init.d/postfix restart
/etc/init.d/cyrus restart
/etc/init.d/apache2 restart

You need to adjust the hostname, the group name the services run as (if it is not mail), and the services that need to pick up the new certificate after renewal.
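As an added diagnostic (not part of the original answer), the following Python code re-creates the path walk behind the access() failure quoted in the question: for a caller-supplied service uid and set of gids it checks the search bit on every directory under /etc/letsencrypt/live/<host>/, follows the symlink into archive/, and reports the first component that account cannot use. The uid, gids, path and `start` directory are all supplied by the caller; it assumes plain Unix mode bits (no ACLs) and certbot's usual relative links.

```python
import os
import stat


def _class_bit(st, uid, gids, usr, grp, oth):
    """Pick the permission class the way access(2) does for a non-root
    account: owner, else group, else other. Root passes read/search."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & usr)
    if st.st_gid in gids:
        return bool(st.st_mode & grp)
    return bool(st.st_mode & oth)


def first_denied_component(path, uid, gids, start=os.sep, _depth=0):
    """Walk `path` component by component as account (uid, gids) would.
    Each directory crossed needs the search (x) bit; the final object needs
    the read (r) bit. A symlink restarts the walk on its target, which is
    how live/<host>/privkey.pem leads into archive/<host>/privkey1.pem.
    Components above `start` are assumed reachable (e.g. '/etc' itself).
    Returns the first component the account cannot use, or None."""
    if _depth > 40:
        raise OSError("too many levels of symbolic links: %s" % path)
    parts = [p for p in path.split(os.sep) if p]
    current = os.sep
    for i, part in enumerate(parts):
        parent = current
        current = os.path.normpath(os.path.join(current, part))
        below_start = current == start or current.startswith(
            start.rstrip(os.sep) + os.sep)
        if not below_start:
            continue
        if os.path.islink(current):
            # Follow the link (relative targets resolve against its directory)
            # and continue with the remaining components of the original path.
            target = os.path.join(parent, os.readlink(current), *parts[i + 1:])
            return first_denied_component(os.path.normpath(target), uid, gids,
                                          start, _depth + 1)
        st = os.stat(current)
        if stat.S_ISDIR(st.st_mode) and i < len(parts) - 1:
            ok = _class_bit(st, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)
        else:
            ok = _class_bit(st, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
        if not ok:
            return current
    return None
```

On a real server, run it as root with the daemon's ids, e.g. `pwd.getpwnam("dovecot").pw_uid` and `set(os.getgrouplist("dovecot", pw_gid))`, against `/etc/letsencrypt/live/<host>/privkey.pem` with `start="/etc/letsencrypt"`.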
