openssl dhparam -out dh.pem

So I was getting errors like this in syslog:

Jul  6 17:35:53 integrity systemd[1]: Started Dovecot IMAP/POP3 email server.
Jul  6 17:35:53 integrity dovecot[10775]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 79: ssl_dh: Can't open file /etc/dovecot/dh.pem: No such file or directory
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Main process exited, code=exited, status=89/n/a
Jul  6 17:35:53 integrity systemd[1]: dovecot.service: Failed with result 'exit-code'.

This failure was affecting other parts of my system (i.e. postfix SASL).
The solution was to generate the dh.pem file:

# openssl dhparam -out dh.pem 4096

Namecheap SSL CSR and CA Bundle for PostiveSSL certs

CSR generation for PositiveSSL and PositiveSSL WildCard with Apache2/OpenSSL see: CSR Generation: Using OpenSSL (Apache w/mod_ssl, NGINX, OS X):

 openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

To generate the CA bundle see this article:

 cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >

The Most Common OpenSSL Commands and viewing a CRL

Found a helpful article today, The Most Common OpenSSL Commands.

The particular command I needed wasn’t listed there though. What I needed to do was examine the contents of my Certificate Revocation List (CRL) certificate. I had a problem connecting to my website because it was complaining about an expired certificate and the culprit was indeed the CRL as I discovered when I ran:

 $ openssl crl -inform CER -in ca.crl -text -noout