"I think it’s probably easier to just kick dovecot once a month." - that's not good from a system administration point of view. You can get into trouble when the certificate is renewed but dovecot isn't reloaded yet. And doing something via cron just by guess, once a month, is no-no logic.

"it seems like checking the certs is something that dovecot should be doing on its own" - if dovecot loads it into memory, it shouldn't reread certificates. Why take the server's resources just 'because something may have changed', restarting dovecot with no need? And never do a restart if a reload suits your needs. But check first whether the reload action rereads the certificate from the file system.
2017-09-08 19:20 GMT+05:00 LuKreme kremels@kreme.com:
On Sep 8, 2017, at 07:56, Darac Marjal mailinglist@darac.org.uk wrote:
#!/bin/bash
set -e
set -u
set -o pipefail

if [[ ${1} == "deploy_cert" && ${2} == "mail.darac.org.uk" ]]; then
    echo " + Hook: Restarting Dovecot..."
    /usr/sbin/service dovecot restart
fi
That means that dovecot will be restarted only if the certificate for the mail server is being deployed. If dehydrated runs, but fails to renew the certificate, then dovecot won't be restarted. Similarly, if it renews a different certificate, dovecot won't be restarted.
That is a great solution, but I think it’s probably easier to just kick dovecot once a month.
4 4 4 * * service dovecot restart
However, it seems like checking the certs is something that dovecot should be doing on its own.
-- This is my signature. There are many like it, but this one is mine.
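
One way to run the check suggested at the top of this thread (does a reload actually pick up the renewed certificate?), as an added example that is not code from any poster here. It assumes Dovecot serves IMAPS on the given host and port, that `service dovecot reload` is the reload action on the system, and that the three arguments (host, port, certificate path) are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. Host, port and certificate path are
# caller-supplied assumptions; "service dovecot reload" is assumed to exist.
set -u

# SHA-256 fingerprint of the certificate file on disk.
disk_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the certificate the running server presents.
served_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

reload_dovecot() {
    /usr/sbin/service dovecot reload
}

# Reload only if the served certificate differs from the one on disk, then
# confirm the reload took effect. Returns 0 when the served certificate
# matches disk (before or after a reload), 1 when it is still stale or a
# fingerprint could not be read.
sync_cert() {
    host=$1; port=$2; cert=$3
    want=$(disk_fingerprint "$cert")
    have=$(served_fingerprint "$host" "$port")
    if [ -z "$want" ] || [ -z "$have" ]; then
        echo "could not read a fingerprint (disk or server)" >&2
        return 1
    fi
    if [ "$want" = "$have" ]; then
        echo "served certificate is current; nothing to do"
        return 0
    fi
    reload_dovecot || return 1
    sleep "${SETTLE_SECONDS:-2}"   # give the service a moment to come back
    have=$(served_fingerprint "$host" "$port")
    if [ "$want" = "$have" ]; then
        echo "reload picked up the new certificate"
        return 0
    fi
    echo "reload did not change the served certificate; a restart is needed" >&2
    return 1
}

# Run only when called with: <host> <port> <cert.pem>
if [ "$#" -eq 3 ]; then sync_cert "$@"; fi
```

Called from the `deploy_cert` branch of a hook, this replaces the unconditional restart and reports when a reload alone is not enough.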