After upgrading my server today, the mail server Dovecot did not work anymore - fetching mails with IMAP failed with
socket error ([Errno 104] Connection reset by peer)
The server logs said:
dovecot: imap-login: Fatal: Can't load private ssl_key: Key is for a different cert than ssl_cert dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
The setup had not changed; the Dovecot + Let's Encrypt certificates had been working for over a year.
I found the solution in a forum post: My /etc/dovecot/conf/10-ssl.conf file contained:
ssl_cert = </etc/letsencrypt/live/mail.cweiske.de/fullkeychain.pem
- but using the fullkeychain was apparently wrong; after changing it to fullchain.pem (without the "key") IMAP and POP3 logins worked again.