The operating system my web server runs on is (include version): ubuntu 16.04
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): webmin 1.942
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.27.0
select mobile clients are not receiving mail. desktop clients working fine. mail.err log shows the following whenever select mobile clients attempt connection.
added the following to /etc/dovecot/conf.d/10-ssl.conf, even though the comments in the file say to only do so when performing client certificate checking. seems to have resolved the issue.
webmin just implemented certbot, requiring me to install it. but i never use it directly. webmin continues to handle the requesting and renewals…just now using certbot as i understand it.
Two options if you don’t want to use ssl_ca (I wouldn’t recommend it, just like the Dovecot devvers don’t recommend it):
Patch the webmin source code to include fullchain.pem in /etc/webmin
Place a command like cat /etc/webmin/letsencrypt-cert.pem /etc/webmin/letsencrypt-ca.pem > /etc/webmin/letsencrypt-fullchain.pem in the certbot renewal configuration file of the certificate name used by webmin.
I don't know if webmin manipulates certbot in a way the location of that file is different than the default location. Normally, one would find the renewal configuration files of certbot in /etc/letsencrypt/renewal with subdirectories there for each certificate "lineage". Also, I'm not familiair with webmin to say how webmin names the certificate lineages.
that folder only contains conf files for the webmin domain and each virtualmin domain. however, in antiochtechnologies.com.conf, /etc/letsencrypt/live/antiochtechnologies.com/fullchain.pem is referenced. now /etc/letsencrypt/live/antiochtechnologies.com/fullchain.pem turns out to be a symlink to /etc/letsencrypt/archive/antiochtechnologies.com/fullchain3.pem. could i just tell dovecot to use /etc/letsencrypt/live/antiochtechnologies.com/fullchain.pem?
If you're sure that's the correct certificate (compair /etc/webmin/letsencrypt-cert.pem and /etc/letsencrypt/live/antiochtechnologies.com/cert.pem): yes