On Thu, Mar 14, 2019, at 11:33 AM, Yassine Chaouche via dovecot wrote:
On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote:
The general answere here is try and see, as you could totally test it on your own. The certificate is read at startup and put in memory for the rest of the execution time. Dovecot won't monitor the file for changes on disk, as this would waste CPU cycles and make dovecot only slower for no reason. The process (or person) that changes the file is responsible to restart dovecot to reload the new certificate in memory.
Yassine.
I should mention that this is also true for Apache and postfix.
Yassine.
Certbot has a feature to run scripts when renewing / deploying certificates.
https://certbot.eff.org/docs/using.html#renewing-certificates
Certbot also looks for these scripts under
/etc/letsencrypt/renewal-hooks/pre post deploy
FWIW here is my script restart.sh located in /etc/letsencrypt/renewal-hooks/deploy
#!/bin/sh
systemctl restart nginx postfix dovecot
echo "Certbot renewal\n\n$RENEWED_LINEAGE\n\n$RENEWED_DOMAINS" | mail -s "Certbot renewal" foo@bar.com
-- K