Unable to renew Let's Encrypt mail certificate: ERROR:failed to configure dovecot service

Created:

2017-08-04 03:50:27 UTC

Modified:

2017-08-16 17:32:41 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Unable to renew Let's Encrypt mail certificate: ERROR:failed to configure dovecot service

Applicable to:

  • Plesk Onyx for Linux

Symptoms

Unable to renew Let's Encrypt certificate that is assigned to a mail server. The following error is shown in Plesk:

PLESK_ERROR: Failed to execute XML-RPC operation 'update/certificate': sslmng failed: Job for dovecot.service failed. See 'systemctl status dovecot.service' and 'journalctl -xn' for details. ERROR:failed to configure dovecot service: Command '['/opt/psa/admin/sbin/pleskrc', 'dovecot', 'reload']' returned non-zero exit status 1

Attempting to reload dovecot service manually also fails:

# systemctl reload dovecot
Job for dovecot.service failed. See 'systemctl status dovecot.service' and 'journalctl -xn' for details.

Dovecot service status shows another error:

CONFIG_TEXT: systemd[14246]: Failed at step NAMESPACE spawning /usr/bin/doveadm: Operation not permitted
systemd[1]: dovecot.service: control process exited, code=exited status=226
systemd[1]: Reload failed for Dovecot IMAP/POP3 email server.

Cause

/var/tmp/ is a sym-link to /tmp or unknown disk access error.

Resolution

  1. Connect to the server using SSH .

  2. Make sure that /var/tmp is not a sym-link to /tmp .

    If yes, remove and create it again

    # rm -rf /var/tmp
    # mkdir /var/tmp
    # chmod 1777 /var/tmp

  3. Remove all the temp files related to dovecot in /var/tmp :

    # rm -f /var/tmp/*dovecot.service*

    and try service reloading:

    # systemctl reload dovecot.service

  4. If the issue perists, temprary disable PrivateTemp for dovecot service, remove files and enable it again:

    # vi /lib/systemd/system/dovecot.service
    ...
    PrivateTmp=false
    ...
    # systemctl daemon-reload
    # rm -f /var/tmp/*dovecot.service*
    # systemctl reload dovecot.service
    # vi /lib/systemd/system/dovecot.service
    ...
    PrivateTmp=true
    ...
    # systemctl daemon-reload
    # systemctl reload dovecot.service

  5. Renew the certificate again in Plesk.

Have more questions? Submit a request
Please sign in to leave a comment.