1 files changed, 7 insertions, 5 deletions

diff --git a/roles/dovecot/templates/10-ssl.conf.j2 b/roles/dovecot/templates/10-ssl.conf.j2
index 8efa1d2..aca8e5c 100644
--- a/roles/dovecot/templates/10-ssl.conf.j2
+++ b/roles/dovecot/templates/10-ssl.conf.j2
@@ -1,14 +1,14 @@
 # SSL/TLS Configuration
 ssl = required
-ssl_key = "</etc/letsencrypt/live/{{ mail_domain }}/privkey.pem"
-ssl_cert = "</etc/letsencrypt/live/{{ mail_domain }}/fullchain.pem"
+ssl_server_key_file = "/etc/letsencrypt/live/{{ mail_domain }}/privkey.pem"
+ssl_server_cert_file = "/etc/letsencrypt/live/{{ mail_domain }}/fullchain.pem"
 ssl_client_ca_dir = /etc/ssl/certs
-ssl_dh = </usr/share/dovecot/dh.pem
+ssl_server_dh_file = /usr/share/dovecot/dh.pem
 
 # Mozilla modern compatibility (https://wiki.mozilla.org/Security/Server_Side_TLS)
 # This is here for future use - Dovecot does not support using only TLSv1.3 right now.
 #ssl_min_protocol = TLSv1.3
-# Ciphers listed here are just for reference, DO NOT uncomment, this is not a valid 
+# Ciphers listed here are just for reference, DO NOT uncomment, this is not a valid
 # openssl cipherlist
 #ssl_cipher_list = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
 
@@ -16,5 +16,7 @@ ssl_dh = </usr/share/dovecot/dh.pem
 ssl_min_protocol = TLSv1.2
 ssl_cipher_list = ECDHE+ECDSA+AESGCM:ECDHE+aRSA+AESGCM:ECDHE+ECDSA+CHACHA20:ECDHE+aRSA+CHACHA20:DHE+aRSA+AESGCM:!aNULL:!eNULL
 
-ssl_prefer_server_ciphers = yes
+#ssl_prefer_server_ciphers = yes
+ssl_server_prefer_ciphers = server
 ssl_client_require_valid_cert = yes
+