Feed on
Posts
Comments

In honor of xkcd 979, I’m posting this so future generations of Courier-IMAP users won’t have to Bing for a solution in vain (and hit lots of useless advice). In the process of finally getting around to upgrading my 2008-era courier-imap 4.1.1 setup to the shiny new 4.15 hotness and putting things in Chef templates, I encountered this error in /var/log/maillog:

imapd-ssl: couriertls: /etc/pki/tls/private/blah-certkey.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

My certificate file has three things in it, my SSL certificate, the intermediate CA certificate, and the private key. After making sure I didn’t have wonky ^M, line feeds or malformed certificate START/END headers, I started bisecting the old config with my new template. I discovered I was missing the dhparams parameter configuration which is new in 4.15:

TLS_DHPARAMS="/usr/lib/courier-imap/share/dhparams.pem"

This file is generated by the courier-imap-mkdhparams cronjob. I read the release notes before upgrading but clearly forgot to check for this after upgrading. Added this to my template, now Courier IMAP is a happy camper.

4 Responses to “couriertls: PEM_read_bio:no start line”

  1. Damien says:

    Woah, thanks.
    Same pb here, for some time, and googling was unfruitful.
    Cheers,

  2. Dave says:

    THANK YOU!!! Sooo many posts about this error but adding TLS_DHPARAMS= to my config got rid of the error.

  3. DR says:

    Hello. I LOL’d at the XKCD ref. I remember that one. Thank you so much for taking the time to do this. Sometimes its just hard to find time to read all the notes.

  4. atoz says:

    hi,

    thanks for your post – even debian finally upgraded to the new version of courier-imapd ;)

    cheers
    a.z

Leave a Reply