Davecot CA certificate is copied to / directory

With Webmin version 1.831, Virtualmin version 5.06 and Authentic Theme 18.32 when copying the current SSL certificate to Davecot it gives:

Copying certificate and key to Dovecot files ..
.. wrote out certificate in /etc/pki/dovecot/certs/dovecot.pem, key in /etc/pki/dovecot/private/dovecot.pem and CA cert in /dovecot.ca.pem
Enabling SSL in Dovecot configuration ..
.. done

and indeed firing the "ls -l /" command shows the "dovecot.ca.pem" in the main / directory of server, which is not a good place to store certificates at all.

Status: 
Active

Comments

I believe this is happening because the /etc/dovecot/conf.d/10-ssl.conf file has correct lines:

ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem

but incorrect line for:

ssl_ca = </dovecot.ca.pem

I don't know when this become broken, but the instructions right above that line indicate:

# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/pki/dovecot/certs/ca.pem)

Had to

mv /dovecot.ca.pem /etc/pki/dovecot/certs/ca.pem
service dovecot restart

but please have this fixed on *min depository code.

The 5.07 release of Virtualmin (due out in a few days) will "fix" this issue by not creating the ssl.ca file at all, as it turns out this is the wrong way to configure Dovecot. Instead, the CA cert will be appended to the domain's cert file.