Renewing certificates

Bill Shirley bill at KnoxvilleChristian.org
Wed Dec 27 16:24:44 EET 2017


I'm using acme.sh to get my Let's Encrypt certificates.  The install command is:
acme.sh --installcert -d imap.example.com \
         --keypath /etc/pki/dovecot/private/imap.example.com.pem \
         --certpath /etc/pki/dovecot/certs/imap.example.com.crt \
         --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \
         --reloadcmd     "systemctl reload dovecot.service"
Notice the --reloadcmd.

Bill

On 12/26/2017 6:16 PM, Aki Tuomi wrote:
>> On December 26, 2017 at 11:42 PM Kenneth Porter <shiva at sewingwitch.com> wrote:
>>
>>
>> I'm setting up certbot/letsencrypt to provide a certificate for dovecot and
>> sendmail. Is it necessary to restart dovecot to load the new certificate,
>> as shown in most examples I find in blogs? That seems rude to established
>> connections. When does dovecot read the cert and key files? Once at startup
>> or each time a connection requests SSL? Is there a preferred locking
>> protocol when changing the two files to keep dovecot from reading one while
>> the other is being replaced and getting a mismatched pair?
> doveadm reload should be enough.
>
> Aki
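
Added example, not part of any message in this thread: a pre-reload check for the mismatched-pair concern raised in the original question, comparing the public key in the certificate with the one derived from the private key and reloading only when they agree. The function names and the RELOAD_CMD variable are hypothetical; the default reload command is the doveadm reload mentioned above.

```shell
#!/bin/sh
# Added example: refuse to reload dovecot unless the cert and key on disk
# form a matching pair. Function names and RELOAD_CMD are hypothetical.

# pair_matches CERT KEY
# Returns 0 if the public key in CERT equals the public key derived from KEY,
# 1 on mismatch, 2 if either file cannot be parsed.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    # Guard against empty output so two failed reads never compare equal.
    [ -n "$cert_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# safe_reload CERT KEY
# Runs the reload command only when the pair matches.
safe_reload() {
    if pair_matches "$1" "$2"; then
        ${RELOAD_CMD:-doveadm reload}
    else
        echo "cert/key mismatch or unreadable ($1, $2): not reloading" >&2
        return 1
    fi
}

# When invoked with two arguments, act as a reload hook:
#   script.sh /path/to/cert.crt /path/to/key.pem
if [ "$#" -eq 2 ]; then
    safe_reload "$1" "$2"
fi
```

A full-chain file also works as CERT as long as the leaf certificate comes first, because openssl x509 reads only the first certificate in the file.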


