• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

pop3d.pem no start line

H

Hans_Meiser

New Pleskian
Hello,

I get the following error message in my mail logs:

/usr/share/courier-imap/pop3d.pem: error:0906D06C:pEM routines:pEM_read_bio:no start line

This happens even with the "Plesk-Default-Cert" in pop3d.pem.

I believe I tried every suggestion from the internet...text block positions, user rights, some modifications in the confs according to the Plesk-how to's etc.

My Configurations are the recommended ones from the Plesk knowledge base.

I must say that my client is Outlook 2003 which is rather old.

Does someone has another idea? My client does not send any certificate.
 
Most probably there are Windows EOL symbols in certificate. Try to check it with

# dos2unix /usr/share/courier-imap/pop3d.pem
 
Thank you, but double checked with the same result...

couriertls: /usr/share/courier-imap/pop3d.pem: error:0906D06C:pEM routines:pEM_read_bio:no start line
 
Hi Hans_Meiser,

Hans_Meiser said:
This happens even with the "Plesk-Default-Cert" in pop3d.pem.
Click to expand...
Did you change the content from the file "/usr/share/courier-imap/pop3d.pem" ? With which software did you edit the file "/usr/share/courier-imap/pop3d.pem" ?

Hans_Meiser said:
I believe I tried every suggestion from the internet...text block positions, user rights, some modifications in the confs according to the Plesk-how to's etc.

My Configurations are the recommended ones from the Plesk knowledge base.
Click to expand...
Could you please name the How-To's you used? s?
Could you please name the KB - articles, that you followed to configure the certificates or it's changes?
 
Last edited by a moderator:
Hi Hans_Meiser,

even if you maybe double and tribble checked, i recommend to use a "pure" text-editor, when editing certificates to merge them. As you can see in your case, there are certificates issues, which only result from incorrect pastings, or additional signs, or even bad converts.

I would as well recommend to use both paths
Code: 
/usr/share/imapd.pem 
/usr/share/pop3d.pem
AND
Code: 
/usr/share/courier-imap/imapd.pem
/usr/share/courier-imap/pop3d.pem
for your certificates, when you save them.
 
Hi,

I created a self singed cert and only edited it with cat (merging the Openssl-outputs)

cat /home/xxx/tmp/cert.crt > /usr/share/courier-imap/pop3d.pem
cat /home/xxx/tmp/cert-stripped.key >> /usr/share/courier-imap/pop3d.pem

cat /home/xxx/tmp/cert.crt > /usr/share/courier-imap/imapd.pem
cat /home/xxx/tmp/cert-stripped.key >> /usr/share/courier-imap/imapd.pem

cat /home/xxx/tmp/cert.crt > /usr/share/pop3d.pem
cat /home/xxx/tmp/cert-stripped.key >> /usr/share/pop3d.pem

cat /home/xxx/tmp/cert.crt > /usr/share/imapd.pem
cat /home/xxx/tmp/cert-stripped.key >> /usr/share/imapd.pem

...with the same result.

By the way, I would not believe that the Plsek defualt cert comes damaged too.

...strange...

but when I use a default cert from an older server the message disapears.

Seems it has to do with the kind of cert.

...double strange...

the older cert/pem bundle has:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----

...and the key seems to be shorter...may be an older format is involved too.
 
Last edited:
SOLVED:

The all in one-error message "no start line" is misleading.
I hate those messages. They can cause hours, days and weeks of investigations.

My system needs a dhparam section in the pop3d.pem

This is not metioned in the Paralleles Plesk KB...

http://kb.odin.com/en/1062

I'm not sure, but I believe the Plesk default SSL-configuration in /usr/share/courier-imap/ has no dhparam section too.
So this could be a serious configuration- and documentation bug (could lead to a MITM vulnerability).
I took advantage of some PCI complience optimisations. May be they are involved too.

PS:
openssl dhparam -out mysexyserver.com_dhparam.pem 4096
 
Last edited:
You must log in or register to reply here.

Similar threads

J
Question Please Help - Email server queries
Replies
5
Views
1K
Kaspar@Plesk
Kaspar@Plesk
flederwiesel
Question `SSLVerifyClient require` -> AH10158: cannot perform post-handshake authentication
Replies
0
Views
730
flederwiesel
flederwiesel
S
Backup and Restore failed
Replies
3
Views
1K
seqoi
S
M
Issue Problem with start node.js app from dashboard buttons
Replies
0
Views
1K
miguelreb
M
brother4
Issue Intermittent 503 Errors on Plesk Obsidian (Ubuntu 22.04 LTS) with PHP-FPM Crashes - Seeking Advice
Replies
3
Views
12K
brother4
brother4
Back
Top