diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index d3771470..9d0789b3 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -79,6 +79,7 @@ RUN groupadd -g 5000 vmail \
   lua-sql-mysql \
   lua-socket \
   lua-json \
+  lua-sec \
   mariadb-client \
   procps \
   python3-pip \
diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh
index c1d402b1..7e537e1a 100755
--- a/data/Dockerfiles/dovecot/docker-entrypoint.sh
+++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh
@@ -136,8 +136,8 @@ function auth_password_verify(request, password)
 
   json = require "json"
   ltn12 = require "ltn12"
-  http = require "socket.http"
-  http.TIMEOUT = 5
+  https = require "ssl.https"
+  https.TIMEOUT = 5
   mysql = require "luasql.mysql"
   env  = mysql.mysql()
   con = env:connect("__DBNAME__","__DBUSER__","__DBPASS__","localhost")
@@ -150,7 +150,7 @@ function auth_password_verify(request, password)
   local res = {} 
   
   -- check against mailbox passwds
-  local b, c = http.request {
+  local b, c = https.request {
     method = "POST",
     url = "https://nginx/api/v1/process/login",
     source = ltn12.source.string(req_json),
@@ -181,7 +181,7 @@ function auth_password_verify(request, password)
       req.protocol.ignore_hasaccess = true
     end
 
-    local b, c = http.request {
+    local b, c = https.request {
       method = "POST",
       url = "https://nginx/api/v1/process/login",
       source = ltn12.source.string(req_json),
diff --git a/docker-compose.yml b/docker-compose.yml
index 814cf30a..e2bbab93 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -216,7 +216,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.23
+      image: mailcow/dovecot:1.24
       depends_on:
         - mysql-mailcow
       dns: