Bagas Sanjaya wrote:
> Hi,
>
> I have difficulties setting up Dovecot to connect to remote MariaDB instance
> over TLS.
>
> So I have two Debian 11 LXD containers spun up, one as mail server with
> Postfix and Dovecot, and one as database instance with MariaDB. The LXD host
> is Ubuntu 20.04.

The first problem is that you have introduced a new point of failure: if you set up dovecot to use a database, that database must be functioning for dovecot to work. Putting it into a different VM or container adds complexity and a source of failure without gaining you anything at all. And once dovecot and the database are in the same container/VM, they don't need SSL to communicate securely.

The second problem is that ssl_ca should point to the CA bundle for your desired SSL cert -- in this case, your own CA. It is probably indicative of something that the only mention of ssl_ca_path in Dovecot's documentation is in a comment in the config.

-dsr-
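
One way to confirm that a candidate ssl_ca file really is the CA that signed the MariaDB server certificate, before pointing Dovecot at it. This is an added example, not part of the original message; the throwaway PKI, the file names and the host name db.example.internal are constructed so the check runs offline with the openssl CLI.

```shell
#!/bin/sh
# check_ssl_ca CA_FILE SERVER_CERT
# Succeeds only if SERVER_CERT chains to a CA certificate contained in CA_FILE.
# A file that passes for the database server's certificate is the one that
# ssl_ca should name.
check_ssl_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_pki DIR
# Builds constructed sample material in DIR:
#   ca.pem          private CA ("your own CA")
#   server-cert.pem certificate for the database host, signed by ca.pem
#   other-ca.pem    an unrelated CA, standing in for a wrong bundle
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Own CA" \
        -keyout "$d/ca-key.pem" -out "$d/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Unrelated CA" \
        -keyout "$d/other-key.pem" -out "$d/other-ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=db.example.internal" \
        -keyout "$d/server-key.pem" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca-key.pem" -CAcreateserial \
        -out "$d/server-cert.pem" 2>/dev/null
}

# Stand-alone use: sh check.sh /path/to/ca.pem /path/to/server-cert.pem
if [ "$#" -eq 2 ]; then
    if check_ssl_ca "$1" "$2"; then
        echo "OK: $2 chains to a CA in $1"
    else
        echo "FAIL: $2 is not signed by any CA in $1" >&2
        exit 1
    fi
fi
```
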