Failed to start Dovecot after add ssl certificate

Hello,
sorry for my bad english, i'm french

I followed the tutorial https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/
I'm blocked just after the step 2 "Replacing the certificate with the Let's Encrypt certificate"
When i want to restart dovecot i have error

root@ip107:/etc/postfix# systemctl restart dovecot
Job for dovecot.service failed because the control process exited with error code.
See "systemctl status dovecot.service" and "journalctl -xe" for details.

root@ip107:/etc/postfix# systemctl status dovecot
* dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2022-05-09 08:14:27 UTC; 2min 54s ago
Docs: man:dovecot(1)
http://wiki2.dovecot.org/
Process: 20045 ExecStop=/usr/bin/doveadm stop (code=exited, status=0/SUCCESS)
Process: 20216 ExecStart=/usr/sbin/dovecot (code=exited, status=89)
Main PID: 237 (code=exited, status=0/SUCCESS)

May 09 08:14:27 ip107 systemd[1]: Starting Dovecot IMAP/POP3 email server...
May 09 08:14:27 ip107 dovecot[20216]: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 7: ssl_cert: Can't open file /etc/postfix/smtpd.cert: No such file or directory
May 09 08:14:27 ip107 systemd[1]: dovecot.service: Control process exited, code=exited status=89
May 09 08:14:27 ip107 systemd[1]: Failed to start Dovecot IMAP/POP3 email server.
May 09 08:14:27 ip107 systemd[1]: dovecot.service: Unit entered failed state.
May 09 08:14:27 ip107 systemd[1]: dovecot.service: Failed with result 'exit-code'.
You have new mail in /var/mail/root

But when i verify in /etc/postfix i have smtpd.cert

Can you help me please?

 

the files smtp.cert and smtpd.key are empty...

 

ln -s /root/.acme.sh/mail.example.com/fullchain.cer smtpd.cert
ln -s /root/.acme.sh/mail.example.com/mail.example.com.key smtpd.key
i haven't /root/acme.sh/ directory

 

When i checked with https://www.sslshopper.com/ssl-checker.html it's ok after create new domain mail.myname.com

 

When i have create my siteweb and mails i have create on the same domain as mydomain.fr but i have'nt create mail.mydomain.fr
But i use certificate who are not the good. On my other domains, it's the same certificate who is asset.
i have problems with outlook.com and hotmail.com who blocked me. Gmail place my mails on spam.
How to use correctly mails ? i must to create new mail on mail.mydomain.com and replace ? can i deplace old mails on the new box?

 

yes

 

sorry but i'm not very good.
my setup is like this:
website : mydomain.fr
email domain : mydomain.fr
email : [email protected]
DNS record : MX mydomain.fr mail.mydomain.fr 10 3600
A mail xxx.xxx.xxx.xxx 0 3600
this config is the same on my differents domains.

How to configure with ssl mail with good certificat for each box ?

If in understand i must create website mail.mydomain.fr with ssl let's encrypt, but after i'm in the fog.
I don't want to lose my mail data, just get an ssl certificate for my mailboxes.
Should I recreate the mailboxes on the new domain mail.mydomain.fr and move the data?

 

thanks for your reply but i'm not sure to understand all of directives

my setup :
websites : exemple.fr, exemple2.fr, exemple3.fr
email domain : exemple.fr, exemple2.fr, exemple3.fr
email : mail@exemple.fr, mail2@exemple.fr, mail@exemple2.fr, mail2@exemple2.fr ...etc
DNS record : MX exemple.fr mail.exemple.fr 10 3600; A mail xxx.xxx.xxx.xxx 0 3600
MX exemple2.fr mail.exemple2.fr 10 3600; A mail xxx.xxx.xxx.xxx 0 3600
MX exemple3.fr mail.exemple3.fr 10 3600; A mail xxx.xxx.xxx.xxx 0 3600

for the moment, all mailboxes use the same certificat ssl who is wrong, i must forced on messaging software the certificat.
outlook and hotmail blocked all mail adress, Gmail accept but push all mails in spam directory

can i keep my mailboxes or i must to create new mailboxes on a new domain?
i must remove MX DNS record on exemple.fr ? and add MX DNS record on mail.exemple.fr ?
can i use mail.exemple.fr, mail.exemple2.fr and mail.exemple3.fr or only one?
sorry for this questions but it's confused for me

 

i can keep actualy mailboxes?
i must change MX record like this for customer domains?
MX exemple2.fr mail.principaldomain.fr 10 3600 ?

 

the customers can continue to use mail.exemple2.fr on messaging software or they must change to mail.domainprincipal.fr ?

 

it's good for certificate ssl with mx dns record and on my messaging software, now i haven't error message for certificat.
But gmail send always my mails in spam and outlook.com block already my sent
<[email protected]>: host
eur.olc.protection.outlook.com[104.47.18.225] said: 550 5.7.1
Unfortunately, messages from [my.ip.ser.ver] weren't sent. Please contact
your Internet service provider since part of their network is on our block
list (S3150). You can also refer your provider to
http://mail.live.com/mail/troubleshooting.aspx#errors.
[VI1EUR06FT052.eop-eur06.prod.protection.outlook.com] (in reply to MAIL
FROM command)

I sent a request a few days ago here is their response

We have completed reviewing the IP(s) you submitted. The following table contains the results of our investigation.

Not qualified for mitigation
54.37.126.107
Our investigation has determined that the above IP(s) do not qualify for mitigation.

Please ensure your emails comply with the Outlook.com policies, practices and guidelines found here: http://mail.live.com/mail/policies.aspx.

To have Deliverability Support investigate further, please reply to this email with a detailed description of the problem you are having, including specific error messages, and an agent will contact you.

Regardless of the deliverability status, Outlook.com recommends that all senders join two free programs that provide visibility into the Outlook.com traffic on your sending IP(s), the sending IP reputation with Outlook.com and the Outlook.com user complaint rates.

Junk Email Reporting program (JMRP) When an Outlook.com user marks an email as "junk", senders enrolled in this program get a copy of the mail forwarded to the email address of their choice. It allows senders to see which mails are being marked as junk and to identify mail traffic you did not intend to send. To join, please visit

https://sendersupport.olc.protection.outlook.com/snds/JMRP.aspx

Smart Network Data Services program (SNDS). This program allows you to monitor the ‘health’ and reputation of your registered IPs by providing data about traffic such as mail volume and complaint rates seen originating from your IPs. To register, please visit http://postmaster.live.com/snds/.

There is no silver bullet to maintaining or improving good IP reputation, but these programs help you proactively manage your email eco-system to help better ensure deliverability to Outlook.com users.

Thank you,
Outlook.com Deliverability Support

 

after contact ovh i must send form to microsoft to deblock the situation
but for gmail have you a solution for mails who go directly in spams?