Re: Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart
Kostya Vasilyev
kman at fastmail.com
Thu Mar 14 11:04:00 EET 2019
On Thu, Mar 14, 2019, at 11:33 AM, Yassine Chaouche via dovecot wrote:
> On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote:
> > The general answer here is try and see, as you could totally test it
> > on your own. The certificate is read at startup and put in memory for
> > the rest of the execution time. Dovecot won't monitor the file for
> > changes on disk, as this would waste CPU cycles and make dovecot only
> > slower for no reason. The process (or person) that changes the file is
> > responsible to restart dovecot to reload the new certificate in memory.
> >
> > Yassine.
>
> I should mention that this is also true for Apache and postfix.
>
> Yassine.
Certbot has a feature to run scripts when renewing / deploying certificates.
https://certbot.eff.org/docs/using.html#renewing-certificates
Certbot also looks for these scripts under
/etc/letsencrypt/renewal-hooks/pre post deploy
FWIW here is my script restart.sh located in /etc/letsencrypt/renewal-hooks/deploy
-------------
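#!/bin/sh
# Certbot deploy hook: restart the services so they load the renewed certificate
systemctl restart nginx postfix dovecot
# printf expands \n portably; echo's handling of backslash escapes differs between shells
printf 'Certbot renewal\n\n%s\n\n%s\n' "$RENEWED_LINEAGE" "$RENEWED_DOMAINS" | mail -s "Certbot renewal" foo@bar.com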
-------------
-- K
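
Added example, not part of the original message: because the certificate is held in memory until a restart, one way to confirm a deploy hook actually took effect is to compare the fingerprint of the file on disk with the one the running service presents. The function names, the host, port and PEM path in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: detect a service that is still serving the old certificate.
# Usage (values are assumptions, adjust to your setup):
#   ./check-reloaded.sh /etc/letsencrypt/live/mail.example.org/fullchain.pem mail.example.org 993
#   ./check-reloaded.sh <pem> <host> 25 smtp      # STARTTLS port

# SHA-256 fingerprint of the first certificate in the PEM read from stdin.
fp_of_pem() {
    openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Leaf certificate presented by host:port, as PEM. The optional third
# argument is a STARTTLS protocol name understood by s_client (smtp, imap).
served_pem() {
    host=$1 port=$2 starttls=$3
    set -- -connect "$host:$port" -servername "$host"
    if [ -n "$starttls" ]; then set -- "$@" -starttls "$starttls"; fi
    openssl s_client "$@" </dev/null 2>/dev/null | openssl x509 2>/dev/null
}

# 0 = fingerprints match, 1 = they differ (stale), 2 = one side is missing.
compare_fp() {
    [ -n "$1" ] && [ -n "$2" ] || return 2
    [ "$1" = "$2" ]
}

# Compare the certificate on disk with the one the service hands out.
check_reloaded() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }
    disk=$(fp_of_pem <"$pem")
    live=$(served_pem "$2" "$3" "$4" | fp_of_pem)
    rc=0
    compare_fp "$disk" "$live" || rc=$?
    case $rc in
        0) echo "OK: $2:$3 serves the certificate in $pem" ;;
        1) echo "STALE: $2:$3 serves $live, disk has $disk" >&2 ;;
        *) echo "ERROR: could not obtain both fingerprints" >&2 ;;
    esac
    return $rc
}

# Run the check only when called with arguments.
if [ "$#" -ge 3 ]; then check_reloaded "$@"; fi
```

Called at the end of a deploy hook or from monitoring, a STALE result means the service was not restarted or reloaded after the renewal.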