Dovecot and Letsencrypt certs
Вадим Бажов
master at remort.net
Sat Sep 9 11:52:48 EEST 2017
"writing a script to check the certs" - there is no need to write any
scripts. As one mentioned, it's done by a hook to certbot. Please read
the manuals for LE or certbot. The issue you have is quite common and
of course certbot is designed to do it for you.
The manual: https://certbot.eff.org/docs/using.html#renewing-certificates.
That's it. Problem solved.
2017-09-09 0:18 GMT+05:00 @lbutlr <kremels at kreme.com>:
> On 08 Sep 2017, at 12:21, Ralph Seichter <m16+dovecot at monksofcool.net> wrote:
>> On 08.09.2017 19:51, @lbutlr wrote:
>>> How I would do it is IF the certificate is expired, the dovecot should
>>> check if there is a new cert and if so, load it.
>
>> New cert as in file modification date or checksum changed?
>
> Either one, but checksum is going to be more reliable.
>
>> Might work. Still, from what I seem to remember, Dovecot loads certificate data before dropping privileges, which is why reloading the data might be problematic without some changes.
>
> Can't dovecot reload itself? That could be a problem if not.
>
>> Not worth spending development effort on, IMO, given that Dovecot can easily be restarted by the external processes that update the cert (like Certbot hook, Ansible, etc.).
>
> All I'm saying is that it's a failure event that doesn't need to occur.
>
> --
> Apple broke AppleScripting signatures in Mail.app, so no random signatures.
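
An added example, not part of the thread: a certbot deploy hook of the kind the messages refer to, reloading Dovecot only when the certificate's checksum has changed (the checksum comparison discussed in the quoted exchange). The state-file path and the use of `doveadm reload` as the reload command are assumptions of this example.

```shell
#!/bin/sh
# Added example: certbot deploy hook, e.g. installed under
# /etc/letsencrypt/renewal-hooks/deploy/ (certbot runs it after a renewal
# and sets RENEWED_LINEAGE to the live directory of the renewed cert).
# STATE_FILE and RELOAD_CMD are assumptions; adjust them for your system.
STATE_FILE=${STATE_FILE:-/var/lib/dovecot-cert.sha256}
RELOAD_CMD=${RELOAD_CMD:-doveadm reload}

# SHA-256 of the certificate file: more reliable than the modification
# time, which changes on a plain copy or touch of an identical file.
cert_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# reload_if_changed CERT STATE RELOAD_CMD
# returns 0 = changed and reloaded, 1 = unchanged (nothing done),
#         2 = certificate unreadable, 3 = reload command failed
reload_if_changed() {
    cert=$1; state=$2; reload_cmd=$3
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    new=$(cert_fingerprint "$cert") || return 2
    old=$(cat "$state" 2>/dev/null || true)
    if [ "$new" = "$old" ]; then
        return 1
    fi
    # Unquoted on purpose so "doveadm reload" splits into command + argument.
    $reload_cmd || return 3
    # Record the fingerprint only after a successful reload, so a failed
    # reload is retried the next time the hook runs.
    printf '%s\n' "$new" > "$state"
    return 0
}

# Act only when certbot invoked us as a hook; "unchanged" is not an error.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_if_changed "$RENEWED_LINEAGE/fullchain.pem" "$STATE_FILE" "$RELOAD_CMD" \
        || [ $? -eq 1 ]
fi
```
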