Dovecot not working after upgrade to Ubuntu 20.04.1 (dh key too small)

I upgraded to Ubuntu 20.04.1 and chose to keep my existing config files, and my mail server stopped working. In the log I saw:

Nov 25 09:07:57 machine dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=someip, lip=someip, session=<someid>

I was able to fix this by modifying /etc/dovecot/conf.d/10-ssl.conf and adding this line:

ssl_dh = </usr/share/dovecot/dh.pem

Please let me know if I’ve introduced an horrific security bug, won’t you?

9 thoughts on “Dovecot not working after upgrade to Ubuntu 20.04.1 (dh key too small)”

GÃ¶ran Ekeberg says:

December 30, 2020 at 6:23 pm

Confirmed working
AndrÃ© R says:

March 28, 2021 at 6:15 pm

Some files were in different places on my (Debian / ISPConfig) setup but your solution helped me find my way through config files. BIG THANKS!
enzo says:

May 23, 2021 at 6:58 am

Thank you! you saved my morning ;)
working well.
Pete says:

August 22, 2021 at 6:42 pm

Thank you so much! I did an upgrade 3 days ago and just noticed today. Added the line, restarted dovecot and voila!
Andy Balaam says:

September 7, 2021 at 8:38 am

Excellent!
Jeremy Lowery says:

December 2, 2021 at 4:36 pm

You saved me a lot of time! Thank You!
Jerry Krinock says:

January 1, 2022 at 2:39 am

Got me back in business pronto. A thousand upvotes.
Echelon1 says:

January 4, 2022 at 3:17 pm

Thanks this saved the day!

This site uses Akismet to reduce spam. Learn how your comment data is processed.

9 thoughts on “Dovecot not working after upgrade to Ubuntu 20.04.1 (dh key too small)”

Leave a Reply