How to renew the SSL certificate for dovecot, CentOS, Webmin


As root: First make a backup of the existing key and certificate file

# cd /etc/pki/dovecot
# cp -a certs/dovecot.pem certs/dovecot.pem.old
# cp -a private/dovecot.pem private/dovecot.pem.old

Create the new SSL certificate for two years:

# openssl genrsa -out private/dovecot.pem 1024
openssl req -new -x509 -key private/dovecot.pem -out certs/dovecot.pem -days 730

Restart Dovecot:

# /etc/init.d/dovecot restart

To see the start and end dates for the certificate:

# openssl x509 -dates -in certs/dovecot.pem

Plaintext logins with Dovecot and Ubuntu


Disallow plaintext authentication in non-SSL mode?

Webmin permits you to enable non-SSL connections on its Dovecot SSL Configuration page, but on Ubuntu at least, that edits /etc/dovecot/dovecot.conf by changing 'yes' here to 'no':

disable_plaintext_auth = no

but the same thing also has to be done in /etc/dovecot/dovecot-postfix.conf ... manually for now.