What type of hardware are you using: Old laptop or computer What YunoHost version are you running: 12.1.12.1 How are you able to access your server: The webadmin
SSH
Direct access via physical keyboard/screen
Describe your issue
Hello,
After upgrading my Yunohost instance to the latest version, I’m experiencing an authentication issue with the mail service (Dovecot).
I’ve been able to resolve a similar problem with Nextcloud by changing my Nextcloud app password and my main Yunohost password. This suggests that the LDAP/SSOwat configuration might have been impacted by the update.
However, the Dovecot service remains inaccessible. I cannot log in to my email account via webmail (e.g., Roundcube) or directly from the command line interface (CLI).
Here are the troubleshooting steps I have already taken:
User Check: I created a new user to see if the issue was related to my account, but the new user also could not access email.
Configuration Regeneration: I used the Yunohost CLI to regenerate and reload the configurations for both Dovecot and Postfix.
Configuration File Inspection: I checked the Dovecot configuration file, and it did not show any immediately obvious errors, but I can provide its content if needed.
Nextcloud Fix: The fact that changing the password fixed Nextcloud suggests the issue is related to the LDAP/SSOwat integration, which the recent updates mentioned changing.
I am running low on ideas and wanted to check if you have encountered this issue or have any suggestions on how to fix it. Any commands or ideas you have would be greatly appreciated.
I also saw that after the update, there were multiple warnings in the /var/log/mail.log file for Postfix this time. (Sorry for spreading the problem; I’m trying to figure out what could be the root cause.)
2025-08-21T08:29:58.208796+02:00 xxxxxxx postfix/postfix-script[86364]: warning: /var/spool/postfix/etc/ssl/certs/GTS_Root_R1.pem and /etc/ssl/certs/GTS_Root_R1.pem differ
2025-08-21T08:29:58.214805+02:00 xxxxxxxxx postfix/postfix-script[86368]: warning: /var/spool/postfix/etc/ssl/certs/GTS_Root_R4.pem and /etc/ssl/certs/GTS_Root_R4.pem differ
2025-08-21T08:29:58.221466+02:00 xxxxxxxxx postfix/postfix-script[86372]: warning: /var/spool/postfix/etc/ssl/certs/GTS_Root_R3.pem and /etc/ssl/certs/GTS_Root_R3.pem differ
2025-08-21T08:29:58.264516+02:00 xxxxxxxxx postfix/postfix-script[86449]: warning: /var/spool/postfix/etc/ssl/certs/GTS_Root_R2.pem and /etc/ssl/certs/GTS_Root_R2.pem differ
2025-08-21T08:29:58.270584+02:00 xxxxxxxxx postfix/postfix-script[86453]: warning: /var/spool/postfix/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.pem and /etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.pem differ
2025-08-21T08:29:58.276577+02:00 xxxxxxxxx postfix/postfix-script[86456]: warning: /var/spool/postfix/etc/ssl/certs/ca-yunohost_crt.pem and /etc/ssl/certs/ca-yunohost_crt.pem differ
2025-08-21T08:29:58.283684+02:00 xxxxxxxxx postfix/postfix-script[86462]: warning: /var/spool/postfix/etc/ssl/certs/yunohost_crt.pem and /etc/ssl/certs/yunohost_crt.pem differ
2025-08-21T08:29:58.166459+02:00 xxxxxxxxx postfix/postfix-script[86333]: warning: not owned by root: /etc/postfix/.
2025-08-21T08:29:58.171233+02:00 xxxxxxxxx postfix/postfix-script[86334]: warning: not owned by root: /etc/postfix/./app_senders_login_maps.db
2025-08-21T08:29:58.176454+02:00 xxxxxxxxx postfix/postfix-script[86335]: warning: not owned by root: /etc/postfix/./app_senders_login_maps
For the permission problem, using the command chown resolved the warnings, but the certificate problem is still here.
I have tried updating the root certificates via update-ca-certificates and also updated my Let’s Encrypt certificates, but the warnings are still there, and I still cannot log in to the email server.
I tried copying the certificate to the destination folder. The warning disappeared, but I am still unable to connect.
Also, is it normal that the userid and guid are hardcoded in the ‘/etc/dovecot/dovecot-ldap.conf’ ?
Okay, for some reason, the update—or maybe me, I don’t remember doing it—removed the email permission for users on the server. I just had to turn it back on in the web admin. But it seemed like too many steps for that to be the real fix, lol.
This thread was very helpful, thank you. Though it did not address my issue, it got me down the right path.
My issue was the upgrade deleted the /etc/postfix/ldap-domains.cf file.
Once I recovered the file from one of the pre-upgrade backups and put it back, I started to get emails again.