Feature request.
Aki Tuomi
aki.tuomi at open-xchange.com
Fri Oct 9 11:21:09 EEST 2020
> On 09/10/2020 11:16 Rogier Wolff <r.e.wolff at bitwizard.nl> wrote:
>
>
> Hi,
>
> I get my Email from my own SMTP server on the internet using
> "fetchmail". Some time ago I did the smart thing and configured
> dovecot to use SSL and the letsencrypt certificate that automatically
> renews.
>
> Welllll..... a few days ago my certificate expired and the fetchmail
> deamon running in the background had nowhere to complain. So I didn't
> notice.
>
> It turns out that dovecot had been running uninterrupted since august
> 13th, the certificate was renewed on september 7th and I suspect it
> expired on october 7th.
>
> So.... Feature request: check the expiry date on the SSL certificate
> as it is being loaded and check for a new certificate if it HAS
> expired.
>
> If you worry about performance, this could be done where:
>
> TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL alert number 45
>
> is reported. That would mean that ONE client will once get the error
> before dovecot fixes it. My personal fix is to restart dovecot once a
> week from now on.
>
> I might be running an older version:
>
> # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.21 (92477967)
> # OS: Linux 4.15.0-34-generic x86_64 Ubuntu 18.04.5 LTS
>
> if it has already been fixed, please accept my apologies.
>
> Roger.
>
That is indeed old version, but no, there is no automatic certificate reloading in Dovecot yet. This has been suggested before, and we have it in our internal issue tracker, but unfortunately I can't promise any date when it will be done.
Aki
More information about the dovecot
mailing list