a question about certificates from letsencrypt
Ralph Seichter
dovecot-ml at seichter.de
Fri Aug 19 12:56:55 UTC 2016
On 19.08.2016 14:12, Aki Tuomi wrote:
> Depends how your MUA validates the certificate.
>
> If it just checks CA, then no. Also I don't think the private key
> changes, so it should not cause recheck either. Other checks, maybe.
Last time I checked, the LetsEncrypt client generated a fresh key pair
whenever the user requested a certificate to be renewed, unless the user
explicitly opted to use the existing keys (which required some extra
configuration). That should not matter much for Dovecot or other IMAP
servers, but it is very important for Mail Exchangers when using DANE.
-Ralph
More information about the dovecot
mailing list