Dovecot and Letsencrypt certs

@lbutlr kremels at kreme.com
Fri Sep 8 20:49:15 EEST 2017


On 08 Sep 2017, at 09:28, Вадим Бажов <master at remort.net> wrote:
> "I think it’s probably easier to just kick dovecot once a month." -
> that's not good from a system administration point of view. You can
> get into trouble when the certificate is renewed but dovecot isn't
> reloaded yet.

That's simply not possible. The cert renews well before it expires.

> "it seems like checking the certs is something that dovecot should be
> doing on its own" - if dovecot loads it in memory, it shouldn't reread
> certificates.

Of course it should, because certs are DESIGNED to expire and MUST expire, and dovecot certainly has the ability to see when the cert expires.

> Why take the server's resources just 'because something
> may be changed'

Something WILL be changed, absolutely certain of that. All certs expire.

> restarting dovecot with no need ?

Restarting/reloading dovecot is trivial and takes far less time than writing a script to check the certs and then creating a crontab for that, which also gives a tertiary point of failure.

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.
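
Added example, not part of the original post or of Dovecot: one way to detect the state argued about in this thread (certificate renewed on disk while Dovecot still serves the old one) by comparing SHA-256 fingerprints and running `doveadm reload` only on a mismatch. The IMAPS port 993 default and the two command-line arguments (path to the renewed chain file, server hostname) are assumptions.

```python
import hashlib
import socket
import ssl
import subprocess
import sys

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def disk_fingerprint(pem_text: str) -> str:
    """Fingerprint of the leaf, i.e. the first certificate in a chain file."""
    start = pem_text.index(HEADER)
    end = pem_text.index(FOOTER, start) + len(FOOTER)
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem_text[start:end]))

def served_der(host: str, port: int = 993) -> bytes:
    """Fetch the certificate the running server presents, as DER bytes."""
    ctx = ssl.create_default_context()
    # Validation is off on purpose: an expired or mismatched certificate
    # must still be retrievable, and it is only compared to the local file.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def needs_reload(pem_text: str, served: bytes) -> bool:
    """True when the file on disk differs from what the daemon serves."""
    return disk_fingerprint(pem_text) != fingerprint(served)

def check_and_reload(pem_path: str, host: str, port: int = 993) -> bool:
    """Reload Dovecot only if it is serving a stale certificate."""
    with open(pem_path) as fh:
        stale = needs_reload(fh.read(), served_der(host, port))
    if stale:
        subprocess.run(["doveadm", "reload"], check=True)
    return stale

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage (assumed): script.py <path to renewed chain file> <hostname>
    print("reloaded" if check_and_reload(sys.argv[1], sys.argv[2]) else "current")
```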


