Dovecot and Letsencrypt certs

Luigi Rosa lists at luigirosa.com
Wed Sep 13 11:51:32 EEST 2017


Robert Wolf wrote on 13/09/2017 10:26:

> Are you sure? What is the refresh time? Instantly or with some delay? Have you
> tested what happens if I install a new key, but I delay installing the correct
> certificate? Does postfix keep the old key+cert or stop using any cert because
> the new key is not correct for the current (old) certificate?
> 
> On my postfix 2.9.6 on Debian wheezy 7 and postfix 2.11.3 on Debian jessie 8 I
> have to reload postfix. Postfix can use the same key+cert even if I deleted
> these files.

Two days ago Viktor Dukhovni wrote on Postfix ML:

/*
If you run certbot often enough to renew well in advance of expiration,
reloads of Postfix are unnecessary, and just needlessly interrupt orderly
processing of email by the queue manager.  Usually the new certificate will
be automatically in use within "$max_idle * $max_use" seconds, and typically
sooner, because processes either idle out quickly or reach the re-use limit
quickly; handling $max_use connections that are exactly $max_idle apart is
rather unlikely. By default that's 10000 seconds or just under 3 hours.
*/




-- 


Ciao,
luigi

/
+--[Luigi Rosa]--
\

Statistics: The only science that enables different experts using the same
figures to draw different conclusions.
     --Evan Esar
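
The bound quoted above, turned into a check (an added example, not part of the original message and not Postfix or certbot code): it parses `postconf`-style output for `max_idle` and `max_use`, computes the worst-case pickup window, and reports whether the old certificate could expire before every long-lived process has been recycled. The function names and the sample input are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Postfix time-unit suffixes as documented in postconf(5).
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample of `postconf max_idle max_use` output (Postfix defaults).
SAMPLE_POSTCONF = "max_idle = 100s\nmax_use = 100\n"


def parse_postconf(text):
    """Turn 'name = value' lines into a dict, ignoring anything else."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def to_seconds(value, default_unit="s"):
    """Convert a Postfix time value such as '100s' or '2h' to seconds."""
    match = re.fullmatch(r"(\d+)([smhdw]?)", value.strip())
    if not match:
        raise ValueError(f"not a Postfix time value: {value!r}")
    return int(match.group(1)) * UNITS[match.group(2) or default_unit]


def pickup_window(postconf_text):
    """Worst case from the quoted text: $max_idle * $max_use seconds."""
    params = parse_postconf(postconf_text)
    seconds = to_seconds(params["max_idle"]) * int(params["max_use"])
    return timedelta(seconds=seconds)


def reload_needed(postconf_text, renewed_at, old_not_after):
    """True if a process started before the renewal could still be serving
    the old certificate at the moment that certificate expires."""
    return renewed_at + pickup_window(postconf_text) >= old_not_after


if __name__ == "__main__":
    expiry = datetime(2017, 12, 1, tzinfo=timezone.utc)  # constructed date
    for lead in (timedelta(days=30), timedelta(hours=1)):
        needed = reload_needed(SAMPLE_POSTCONF, expiry - lead, expiry)
        print(f"renewed {lead} before expiry -> reload needed: {needed}")
```

On a live system the input would come from running `postconf max_idle max_use`, and the expiry from the certificate being replaced.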

