I updated my systems from debian 9 (stretch) to debian 10 (buster), which was *almost* painless. When I then updated ispConfig3 Code: php -q update.php I saw the follwoing "DH parameters" message. This is just FYI, as when I run the update again, the error disappears. Code: Reconfigure Services? (yes,no,selected) [yes]: Configuring Postfix Configuring Dovecot Creating new DHParams file, this takes several minutes. Do not interrupt the script. 142+0 records in 142+0 records out 142 bytes copied, 0.000529595 s, 268 kB/s unable to load DH parameters 3072366336:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1130: 3072366336:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:290:Type=DHparams Configuring Mailman I have other issues with this upgrade, but will create separate threads where relevant. Thanks for all your great work!
That's the output of the command to create the DH params file which is required for dovecot on Debian 10. Seems as if something is wrong with your OpenSSL setup when such a basic command fails. openssl dhparam -out /etc/dovecot/dh.pem 2048
For the record, I was having the same problem on Debian 10 Buster. Till's solution solved the problem. The server in question was initially based on Debian 7, and has since been upgraded to Debian 8, Debian 9, and now Debian 10. Perhaps the problem is related to the upgrade procedures.
Thanks Till - Same issue popped up for us - ubuntu 20.04 / php 7.4 / ispconfig 3.2 Solution worked perfectly, although I had to build a longer key of 4096 bits before dovecot was happy. (Still looking for that tip jar, Till ... )
That works, but is deprecated. For intermediate systems one should use these DH parameters. See: https://wiki.mozilla.org/Security/Archive/Server_Side_TLS_4.0#Pre-defined_DHE_groups You can get them for example via: Code: curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/dovecot/dh.pem (Modern systems with only TLS1.3 do not need this parameters)