OpenLDAP TLS on iRedMail

Dear everyone,

I am using Let's Encrypt with acme-client ( https://kristaps.bsd.lv/acme-client/ ) for iRedMail; everything works fine, except OpenLDAP. My TLS configuration for OpenLDAP is shown below:

#TLSCACertificateFile /usr/local/etc/ssl/acme/domain.com/fullchain.pem
#TLSCertificateFile /usr/local/etc/ssl/acme/domain.com/cert.pem
#TLSCertificateKeyFile /usr/local/etc/ssl/acme/private/privkey.pem

And OpenLDAP is unable to start; it shows the following error:
Jul 2 15:44:21 moon slapd[13241]: main: TLS init def ctx failed: -1
Jul 2 15:44:21 moon slapd[13241]: DIGEST-MD5 common mech free
Jul 2 15:44:21 moon slapd[13241]: DIGEST-MD5 common mech free
Jul 2 15:44:21 moon slapd[13241]: slapd stopped.

Could anyone please show me how to fix it?
Thank you.

This seems incorrect.
The fullchain includes more than just CA info.

It should probably be:
TLSCACertificateFile /usr/local/etc/ssl/acme/domain.com/chain.pem

Thanks @rg305
I changed to chain.pem, but I am still getting the error.

Then I tried copying the “acme” folder to “openldap” and running # chown -R ldap:ldap openldap; after that the OpenLDAP service can start properly, so this indicates a permission issue.

How could I make OpenLDAP and other services like Postfix and Dovecot work with the same cert files?

Thank you.

Maybe by using groups for ownership,
or by scripting that solution: copy and chown.
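
The "copy and chown" option suggested above, written as a function a renewal hook could call (an added example, not part of the original thread). The function names and the destination directory are assumptions; the source file names follow the paths quoted in the thread, and the chown step only takes effect when run as root with an owner argument.

```shell
#!/bin/sh
# Added example. Function names and the destination layout are assumptions;
# source file names (cert.pem, chain.pem, privkey.pem) follow the thread.

# Octal mode of a file: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# deploy_cert SRC_CERT_DIR SRC_KEY DEST_DIR [OWNER:GROUP]
# The body runs in a subshell ( ... ), so umask and exit stay local.
deploy_cert() (
    src_dir=$1; src_key=$2; dest=$3; owner=${4:-}

    # Refuse to deploy a missing or empty file (e.g. a failed renewal).
    for f in "$src_dir/cert.pem" "$src_dir/chain.pem" "$src_key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; exit 1; }
    done

    umask 077                       # nothing is created world-readable
    mkdir -p "$dest" && chmod 700 "$dest" || exit 1

    # Certificates are public; the private key is owner-only.
    install -m 644 "$src_dir/cert.pem"  "$dest/cert.pem"    || exit 1
    install -m 644 "$src_dir/chain.pem" "$dest/chain.pem"   || exit 1
    install -m 600 "$src_key"           "$dest/privkey.pem" || exit 1

    # Hand the copy to the service account (needs root), e.g. ldap:ldap.
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dest" || exit 1
    fi
)

# Example call after a renewal (destination path is hypothetical):
# deploy_cert /usr/local/etc/ssl/acme/domain.com \
#             /usr/local/etc/ssl/acme/private/privkey.pem \
#             /usr/local/etc/openldap/ssl ldap:ldap
```

Each service gets its own copy owned by its own account, so the original acme directory can stay readable by root only; the service has to be restarted after each deployment to pick up the renewed files.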
