19 Aug
2016
19 Aug
'16
3:56 p.m.
On 19.08.2016 14:12, Aki Tuomi wrote:
Depends how your MUA validates the certificate.
If it just checks CA, then no. Also I don't think the private key changes, so it should not cause recheck either. Other checks, maybe.
Last time I checked, the LetsEncrypt client generated a fresh key pair whenever the user requested a certificate to be renewed, unless the user explicitly opted to use the existing keys (which required some extra configuration). That should not matter much for Dovecot or other IMAP servers, but it is very important for Mail Exchangers when using DANE.
-Ralph