Dovecot and Letsencrypt certs

@lbutlr kremels at kreme.com
Fri Sep 8 22:18:20 EEST 2017


On 08 Sep 2017, at 12:21, Ralph Seichter <m16+dovecot at monksofcool.net> wrote:
> On 08.09.2017 19:51, @lbutlr wrote:
>> How I would do it is IF the certificate is expired, the dovecot should
>> check if there is a new cert and if so, load it.

> New cert as in file modification date or checksum changed?

Either one, but checksum is going to be more reliable.

> Might work. Still, from what I seem to remember, Dovecot loads certificate data before dropping privileges, which is why reloading the data might be problematic without some changes.

Can't dovecot reload itself? That could be a problem if not.

> Not worth spending development effort on, IMO, given that Dovecot can easily be restarted by the external processes that update the cert (like Certbot hook, Ansible, etc.).

All I'm saying is that it's a failure event that doesn't need to occur.

-- 
Apple broke AppleScripting signatures in Mail.app, so no random signatures.



More information about the dovecot mailing list