Permission denied for directory /etc/letsencrypt/live/<hostname>/

My domain is:

I ran this command: tail -f /var/log/mail.log

It produced this output:
mail dovecot: imap(mouse)<1794>: Panic: Settings check unexpectedly failed: ssl_client_ca_dir: access(/etc/letsencrypt/live/ failed: Permission denied

My web server is (include version):

The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.40.0

I wonder why you even set that. It is not required and will instead use the default system CA store. From dovecot docs:

By default Dovecot uses OpenSSL’s default system CAs to verify SSL certificates for outgoing connections. This can be overridden by specifying either ssl_client_ca_dir or ssl_client_ca_file. Using ssl_client_ca_dir is preferred because it uses less memory.

The folder you named is not a list of CA roots anyway. It is all the related files for the cert, which includes the leaf, intermediates, and privkey. I do not know dovecot well so I may be misunderstanding your requirement, but it seems best to just let it default.


I agree, if you really do need such a separate directory, you may need to cp the latest chain.pem file from the /live/ folder to a newly created folder [with proper permissions] designated for this purpose.
Then add that cp line to the certbot deployment hook [and also restart/reload your email server].

But I doubt that file can add anything more than should already be found in the ca-cert system.
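
The copy step suggested in the reply above, written out as a certbot deploy hook. This is an added example, not part of the original posts; the destination directory /etc/dovecot/client-ca, the hook file name, and the function name publish_chain are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook, e.g. saved as
# /etc/letsencrypt/renewal-hooks/deploy/dovecot-ca.sh (file name is an assumption).
# Certbot exports RENEWED_LINEAGE (the /etc/letsencrypt/live/<hostname> directory)
# to deploy hooks after a successful renewal.

# Assumed destination; ssl_client_ca_dir would point here instead of /live/.
CA_DIR="${CA_DIR:-/etc/dovecot/client-ca}"

# Copy only chain.pem (public intermediate certificates) from a lineage into
# a world-readable directory. privkey.pem is never touched, so /live/ and
# /archive/ can stay readable by root only.
publish_chain() {
    lineage=$1
    dest=$2
    if [ ! -r "$lineage/chain.pem" ]; then
        echo "no readable chain.pem in $lineage" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1
    chmod 0755 "$dest" || return 1
    # Write to a temp name, then rename, so readers never see a partial file.
    tmp="$dest/.chain.pem.$$"
    cp "$lineage/chain.pem" "$tmp" || return 1
    chmod 0644 "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$dest/chain.pem" || { rm -f "$tmp"; return 1; }
    # A CA directory is searched by subject-hash links; rebuild them when
    # the openssl tool is present (OpenSSL 1.1.0+ provides "rehash").
    if command -v openssl >/dev/null 2>&1; then
        openssl rehash "$dest" >/dev/null 2>&1 ||
            echo "warning: openssl rehash failed for $dest" >&2
    fi
    return 0
}

# Run only when certbot invoked this script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    publish_chain "$RENEWED_LINEAGE" "$CA_DIR" && systemctl reload dovecot
fi
```

The permissions on /etc/letsencrypt/live/ are left unchanged; only the public chain is published to a directory the mail process can read.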


I too agree, I don't see any reason to set ssl_client_ca_dir to any directory in the /etc/letsencrypt/ path, if you want to set that option to anything anyway indeed, as already explained by @MikeMcQ.

Please allow us to understand what the actual goal is that you're trying to achieve.

