Installing SSL on Dovecot – RPM and Debian Systems
This guide covers configuring SSL/TLS encryption for existing Dovecot installations using paid SSL certificates.
Prerequisites
- Dovecot already installed and running
- Your SSL certificate files (certificate, private key, CA bundle)
- Root or sudo access to the server
Install SSL Certificate
Copy certificate files:
# Create SSL directory
sudo mkdir -p /etc/dovecot/ssl
# Copy certificates
sudo cp your-cert.crt /etc/dovecot/ssl/server.crt
sudo cp your-private.key /etc/dovecot/ssl/server.key
sudo cp your-ca-bundle.crt /etc/dovecot/ssl/ca-bundle.crt
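# Set permissions (Dovecot's master process reads the key as root, so the key stays root-owned and unreadable to other users)
sudo chmod 644 /etc/dovecot/ssl/server.crt
sudo chmod 600 /etc/dovecot/ssl/server.key
sudo chmod 644 /etc/dovecot/ssl/ca-bundle.crt
sudo chown root:root /etc/dovecot/ssl/*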
Configure SSL
Edit /etc/dovecot/conf.d/10-ssl.conf:
sudo nano /etc/dovecot/conf.d/10-ssl.conf
Add these settings:
ssl = required
ssl_cert = </etc/dovecot/ssl/server.crt
ssl_key = </etc/dovecot/ssl/server.key
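# Dovecot documents ssl_ca as the CA list for verifying client certificates (ssl_verify_client_cert);
# intermediates for the server's own chain are usually appended to the ssl_cert file instead
ssl_ca = </etc/dovecot/ssl/ca-bundle.crt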
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE+AESGCM:ECDHE+AES256:!aNULL:!MD5:!3DES
ssl_prefer_server_ciphers = yes
Generate DH parameters:
sudo openssl dhparam -out /etc/dovecot/ssl/dh2048.pem 2048
sudo chown dovecot:dovecot /etc/dovecot/ssl/dh2048.pem
Add to SSL config:
ssl_dh = </etc/dovecot/ssl/dh2048.pem
Configure Services
Edit /etc/dovecot/conf.d/10-master.conf:
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
Firewall Configuration
RPM-based systems:
sudo firewall-cmd --permanent --add-service=imaps
sudo firewall-cmd --permanent --add-service=pop3s
sudo firewall-cmd --reload
Debian-based systems:
sudo ufw allow imaps
sudo ufw allow pop3s
Restart and Test
Restart Dovecot:
sudo systemctl restart dovecot
Test SSL connections:
# Test IMAPS
openssl s_client -connect your-domain.com:993
# Test POP3S
openssl s_client -connect your-domain.com:995
Troubleshooting
Check configuration:
sudo dovecot -n
View logs:
sudo tail -f /var/log/dovecot.log
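Audit the effective settings (an added example, not part of the original guide): the functions below read `dovecot -n` output and flag departures from the ssl and ssl_min_protocol values set above, and check that the private key is not readable by group or other. The function names and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide.
# audit_dovecot_tls: reads `dovecot -n` output on stdin, prints one finding per
# line, and returns 0 only when the top-level TLS settings match the guide.
audit_dovecot_tls() {
    awk '
        /^[ \t]/ { next }   # indented lines sit inside service/listener blocks
        $1 == "ssl" && $2 == "="              { ssl = $3 }
        $1 == "ssl_min_protocol" && $2 == "=" { minp = $3 }
        END {
            if (ssl != "required") {
                print "ssl = " (ssl == "" ? "(unset)" : ssl) ": TLS not enforced, guide uses ssl = required"
                n++
            }
            if (minp == "") {
                print "ssl_min_protocol (unset): Dovecot default applies, guide pins TLSv1.2"
                n++
            } else if (minp != "TLSv1.2" && minp != "TLSv1.3") {
                print "ssl_min_protocol = " minp ": not TLSv1.2 or TLSv1.3"
                n++
            }
            exit (n > 0)
        }'
}

# key_is_private: succeeds only if the file exists and group/other have no
# permission bits (mode 600 or 400), matching the chmod 600 on server.key.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample in the format `dovecot -n` prints: no top-level ssl line,
# a weak minimum protocol, and a listener-level "ssl = yes" that must be ignored.
sample='ssl_cert = </etc/dovecot/ssl/server.crt
ssl_min_protocol = TLSv1.1
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}'
printf '%s\n' "$sample" | audit_dovecot_tls || true
```

On a live server, pipe the real output in with sudo dovecot -n | audit_dovecot_tls and run key_is_private /etc/dovecot/ssl/server.key as root.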
Your Dovecot server now supports secure SSL/TLS encrypted email connections.

