Dovecot and Letsencrypt certs
Вадим Бажов
master at remort.net
Fri Sep 8 18:28:59 EEST 2017
"I think it’s probably easier to just kick dovecot once a month." -
that's not good from a system administration point of view. You can
get into trouble when the certificate is renewed but dovecot isn't
reloaded yet. And doing something via cron just by guess, once a
month, is no-no logic.

"it seems like checking the certs is something that dovecot should be
doing on its own" - if dovecot loads it into memory, it shouldn't reread
certificates. Why take the server's resources just 'because something
may have changed', restarting dovecot with no need?

And never do a restart if a reload suits your needs. But check first
whether the reload action rereads the certificate from the file system.
2017-09-08 19:20 GMT+05:00 LuKreme <kremels at kreme.com>:
> On Sep 8, 2017, at 07:56, Darac Marjal <mailinglist at darac.org.uk> wrote:
>> #!/bin/bash
>>
>> set -e
>> set -u
>> set -o pipefail
>>
>> if [[ ${1} == "deploy_cert" && ${2} == "mail.darac.org.uk" ]]; then
>>     echo " + Hook: Restarting Dovecot..."
>>     /usr/sbin/service dovecot restart
>> fi
>>
>> That means that dovecot will be restarted only if the certificate for the mail server is being deployed. If dehydrated runs, but fails to renew the certificate, then dovecot won't be restarted. Similarly, if it renews a different certificate, dovecot won't be restarted.
>
> That is a great solution, but I think it’s probably easier to just kick dovecot once a month.
>
> 4 4 4 * * service dovecot restart
>
> However, it seems like checking the certs is something that dovecot should be doing on its own.
>
> --
> This is my signature. There are many like it, but this one is mine.
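
One way to run the check suggested at the top of this message (does a reload make the running Dovecot serve the renewed certificate?), as an added example that is not part of the original thread. It compares the fingerprint of the certificate on disk with the one the server presents; the certificate path, host name and port in the usage comment are placeholders, and it assumes `openssl` and `doveadm` are installed.

```sh
#!/bin/sh
# Added example, not from the thread. Path, host and port are placeholders.

# SHA-256 fingerprint of the first PEM certificate on stdin
# (empty output if the input cannot be parsed as a certificate).
cert_fp() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Fingerprint of the leaf certificate a server presents on an
# implicit-TLS port such as IMAPS. Args: host port
served_fp() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null | cert_fp
}

# Classify two fingerprints: current, stale, or unknown (one side unreadable).
compare_fp() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown
    elif [ "$1" = "$2" ]; then
        echo current
    else
        echo stale
    fi
}

# Reload only when the served certificate is stale, then confirm that the
# reload really made Dovecot pick up the file. Args: cert-file host port
reload_if_stale() {
    disk=$(cert_fp < "$1")
    state=$(compare_fp "$disk" "$(served_fp "$2" "$3")")
    echo "before reload: $state"
    case $state in
        current) return 0 ;;
        unknown) return 2 ;;   # file or server unreadable: do nothing
    esac
    doveadm reload
    sleep 2
    state=$(compare_fp "$disk" "$(served_fp "$2" "$3")")
    echo "after reload: $state"
    [ "$state" = current ]     # non-zero exit: reload did not reread the cert
}

# Usage: ./check-dovecot-cert.sh /etc/dovecot/ssl/fullchain.pem mail.example.org 993
if [ "$#" -eq 3 ]; then
    reload_if_stale "$@"
fi
```

A non-zero exit after the reload is the signal that a reload alone is not enough on that installation.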