DH parameters error (message) via update.php

Discussion in 'Installation/Configuration' started by Richard Foley, Aug 29, 2019.

  1. Richard Foley

    Richard Foley Member

    I updated my systems from debian 9 (stretch) to debian 10 (buster), which was *almost* painless. When I then updated ispConfig3
    php -q update.php
    I saw the follwoing "DH parameters" message. This is just FYI, as when I run the update again, the error disappears.

    Reconfigure Services? (yes,no,selected) [yes]:
    Configuring Postfix
    Configuring Dovecot
    Creating new DHParams file, this takes several minutes. Do not interrupt the script.
    142+0 records in
    142+0 records out
    142 bytes copied, 0.000529595 s, 268 kB/s
    unable to load DH parameters
    3072366336:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1130:
    3072366336:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:290:Type=DHparams
    Configuring Mailman
    I have other issues with this upgrade, but will create separate threads where relevant. Thanks for all your great work!
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That's the output of the command to create the DH params file which is required for dovecot on Debian 10. Seems as if something is wrong with your OpenSSL setup when such a basic command fails.

    openssl dhparam -out /etc/dovecot/dh.pem 2048
    Richard Foley likes this.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Try to delete the file and create it again with the above command.
    Richard Foley likes this.
  4. Richard Foley

    Richard Foley Member

    did that, everything seems to be running smoothly, for now...
    Thanks Till!
  5. Jemt

    Jemt Member HowtoForge Supporter

    For the record, I was having the same problem on Debian 10 Buster. Till's solution solved the problem.
    The server in question was initially based on Debian 7, and has since been upgraded to Debian 8, Debian 9, and now Debian 10. Perhaps the problem is related to the upgrade procedures.
    Last edited: Feb 25, 2020

Share This Page