Thousands of SSL certificates stalls new logins during reload - problem with Dovecot config process
Arkadiusz Miśkiewicz
arekm at maven.pl
Mon Sep 5 12:16:38 UTC 2022
On 2.09.2022 14:44, Bartosz Kwitniewski wrote:
> Hello,
>
> I'm running a dovecot 2.3.19.1 server that has around 6000 SSL
> certificates in separate config files, each containing:
> local_name "domain" {
> ssl_cert = ...
> ssl_key = ...
> }
> When new certificate is added, dovecot is reloaded (around 20 times a
> day). When dovecot is being reloaded, users are unable to log in for
> around 30 seconds.
Unfortunately it's known for ages that dovecot is not capable of
handling thousands of certificates in a sane way.
There were some ideas which were never implemented:
https://dovecot.org/list/dovecot/2016-October/105858.html
( https://dovecot.org/list/dovecot/2016-October/105855.html )
--
Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
More information about the dovecot
mailing list