Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart

Patrick Cernko pcernko at mpi-klsb.mpg.de
Thu Mar 14 10:55:08 EET 2019


Hi,

On 14.03.19 09:33, Yassine Chaouche via dovecot wrote:
> On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote:
>> The general answer here is try and see, as you could totally test it 
>> on your own. The certificate is read at startup and put in memory for 
>> the rest of the execution time. Dovecot won't monitor the file for 
>> changes on disk, as this would waste CPU cycles and make dovecot only 
>> slower for no reason. The process (or person) that changes the file is 
>> responsible to restart dovecot to reload the new certificate in memory.
>>
>> Yassine.
> 
> I should mention that this is also true for Apache and postfix.
> 

On our Debian systems, Apache reloads the certificate file with

service apache2 reload

I never had to use "restart" to get the new certificate online. The 
advantage of reload is obvious: in case of a config error the daemon 
stays running (with the old config) whereas with restart you get a 
service downtime until you fixed the error.

I guess dovecot's reload mechanism (doveadm reload) also rereads the 
certificate file, but I did not test that yet. However I just realized 
that doveadm reload exits with exit code 0 even if there is a config 
error. You can only see the error message in the logs. At least the 
service keeps running (with the old config).

I cannot say anything about postfix as we use exim. At least the way we 
have configured exim, it needs neither reload nor restart but reads the 
certificate file every time it has to use it.

Best,
-- 
Patrick Cernko <pcernko at mpi-klsb.mpg.de> +49 681 9325 5815
Joint Administration: Information Services and Technology
Max-Planck-Institute fuer Informatik & Softwaresysteme
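
The following is an added example, not part of the original message and not code from the Dovecot project: a post-renewal hook that validates the configuration with doveconf before calling doveadm reload, then compares the certificate the daemon serves against the file on disk instead of trusting the reload exit code. CERT, HOST, PORT, SETTLE and all function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. CERT, HOST, PORT and SETTLE are assumed/placeholder values.
CERT="${CERT:-/path/to/fullchain.pem}"   # placeholder: the file ssl_cert points at
HOST="${HOST:-mail.example.org}"         # placeholder: name clients connect to
PORT="${PORT:-993}"                      # IMAPS

# Reduce "SHA256 Fingerprint=AB:CD:..." (label case varies) to bare lowercase hex.
normalize_fp() {
    sed -n 's/^.*[Ff]ingerprint=//p' | tr -d ':\r' | tr 'A-F' 'a-f'
}

# Fingerprint of the certificate file on disk.
disk_fp() {
    openssl x509 -noout -fingerprint -sha256 -in "$CERT" | normalize_fp
}

# Fingerprint of the certificate the running daemon actually presents.
served_fp() {
    openssl s_client -connect "$HOST:$PORT" -servername "$HOST" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | normalize_fp
}

# doveconf fails on a configuration error; doveadm reload's status is not relied on.
check_config()  { doveconf -n >/dev/null 2>&1; }
reload_daemon() { doveadm reload; }

# 0 = new cert is served, 1 = reload command failed, 2 = config invalid (no reload
# attempted), 3 = reload ran but the old cert is still served, 4 = cert unreadable.
deploy_cert() {
    want=$(disk_fp)
    if [ -z "$want" ]; then return 4; fi
    if [ "$(served_fp)" = "$want" ]; then return 0; fi   # already live
    if ! check_config; then return 2; fi
    reload_daemon || return 1
    sleep "${SETTLE:-2}"                                 # let new login processes start
    if [ "$(served_fp)" != "$want" ]; then return 3; fi
    return 0
}

if [ "${1:-}" = "--deploy" ]; then
    deploy_cert; rc=$?
    [ "$rc" -eq 0 ] || echo "certificate deploy failed, status $rc" >&2
    exit "$rc"
fi
```

Status 3 is the case worth alerting on: the reload reported success but clients still see the old certificate.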
