On Oct 5, 2007, at 12:41 PM, dovecot-request@dovecot.org wrote:
Message: 1
Date: Fri, 5 Oct 2007 10:25:49 +0100
From: Mike Brudenell pmb1@york.ac.uk
Subject: Re: [Dovecot] How to upgrade a running Dovecot?
To: Dovecot Mailing List dovecot@dovecot.org
Message-ID: B9A4EC9A-82C0-4250-BC98-606695775041@york.ac.uk
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Hi, Jerry/et al -
Hello Mike,
(stuff chomped out)
Scenario 2: Altered SSL Certificates
I need to replace our current certificates and have prepared new files containing the replacement certificate and private key. Am I right in thinking that I can simply modify dovecot.conf to point at the new files and send a HUP signal to dovecot? Specifically, will new connections use the revised certificates, and existing connections continue to work OK without interruption?
Ehh not really, the auth child processes can be killed and new ones started. See your next scenario question.
...So here you're saying that although the "dovecot" master process re-reads the configuration file, it doing so has no effect on the existing authenticator child processes? And is it these processes that are dealing with the SSL connection? ... I'd have thought it was either the "imap-login" or "imap" processes?
Just to be clear about this for myself, (instead of relying on the
ol' saying 'that is how it used to work' -- because I am switching
over to 1.1 from 1.0.n, your question takes on new relevance for me as
well)
I tested this and yes it works as before, the new files seem to be
used for the new connections (all of the dovecot auth processes are
killed on the HUP signal -- dovecot itself just rereads the conf file
and new auth listeners are started -- assuming that you use Dovecot
for the auth mechanism to Postfix) and existing connections seem to
handle things okay.
I did find something new (or I have not noticed it before):
If you kill (not just restart) the Dovecot process itself and restart
it with existing connections (someone was connected to IMAPS when you
killed Dovecot) Dovecot will not restart, complaining that port 993
is taken already. This happens regardless of the shutdown_clients =
yes/no setting. This may be particular to the new version 1.1, I do
not know.
Jerry
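
One way to confirm what the thread reports, that connections opened after the HUP are served the replacement certificate, is to compare the certificate presented on a fresh IMAPS connection with the new file. This is an added example, not part of the original message or of Dovecot; the function names, the command-line arguments and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import socket
import ssl
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def file_fingerprint(pem_text):
    """SHA-256 (hex) of the first certificate in a PEM file.

    Assumption: if the file holds a chain, the first block is the
    server's own certificate."""
    start = pem_text.index(BEGIN)
    stop = pem_text.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:stop])
    return hashlib.sha256(der).hexdigest()


def served_der(host, port=993, timeout=10):
    """Open a new implicit-TLS connection and return the presented cert as DER."""
    ctx = ssl.create_default_context()
    # Chain validation is switched off only so the certificate can be read
    # during a rotation; identity is established by the fingerprint match.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def new_cert_is_live(served, pem_text):
    """True when the served DER certificate is the one in the new PEM file."""
    return hashlib.sha256(served).hexdigest() == file_fingerprint(pem_text)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_cert.py HOST NEW_CERT.pem")
    host, path = sys.argv[1], sys.argv[2]
    with open(path) as fh:
        live = new_cert_is_live(served_der(host), fh.read())
    print("new certificate is being served" if live else "old certificate still served")
    sys.exit(0 if live else 1)
```

Each run opens its own connection, so it only tests what new clients receive; sessions established before the HUP keep the certificate they negotiated with.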