Feature request.
Marc Roos
M.Roos at f1-outsourcing.eu
Fri Oct 9 11:24:41 EEST 2020
Does a dovecot reload not do that? For a webserver I just set a flag and
a cron job. Whenever I put a new cert, the webserver reloads.
-----Original Message-----
To: Rogier Wolff; dovecot at dovecot.org
Subject: Re: Feature request.
> On 09/10/2020 11:16 Rogier Wolff <r.e.wolff at bitwizard.nl> wrote:
>
>
> Hi,
>
> I get my Email from my own SMTP server on the internet using
> "fetchmail". Some time ago I did the smart thing and configured
> dovecot to use SSL and the letsencrypt certificate that automatically
> renews.
>
> Welllll..... a few days ago my certificate expired and the fetchmail
> daemon running in the background had nowhere to complain. So I didn't
> notice.
>
> It turns out that dovecot had been running uninterrupted since August
> 13th, the certificate was renewed on September 7th and I suspect it
> expired on October 7th.
>
> So.... Feature request: check the expiry date on the SSL certificate
> as it is being loaded and check for a new certificate if it HAS
> expired.
>
> If you worry about performance, this could be done where:
>
> TLS handshaking: SSL_accept() failed: error:14094415:SSL
> routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL alert
> number 45
>
> is reported. That would mean that ONE client will once get the error
> before dovecot fixes it. My personal fix is to restart dovecot once a
> week from now on.
>
> I might be running an older version:
>
> # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version
> 0.4.21 (92477967) # OS: Linux 4.15.0-34-generic x86_64 Ubuntu 18.04.5
> LTS
>
> if it has already been fixed, please accept my apologies.
>
> Roger.
>
That is indeed an old version, but no, there is no automatic certificate
reloading in Dovecot yet. This has been suggested before, and we have it
in our internal issue tracker, but unfortunately I can't promise any
date when it will be done.
Aki
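
The failure described in this thread (a renewed certificate on disk while the long-running daemon keeps serving the old one) can be caught from cron by comparing fingerprints. The following is an added example, not part of the original messages and not Dovecot code. It assumes an implicit-TLS listener on port 993, a fullchain-style PEM file with the leaf first, and `doveadm reload` as the reload command (substitute a restart if you prefer); the host name and path in the usage comment are placeholders.

```python
import hashlib
import re
import ssl
import subprocess
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL)


def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM text (the leaf in a fullchain file)."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no certificate block found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def is_stale(disk_pem, served_pem):
    """True when the daemon serves a different leaf than the one on disk."""
    return leaf_fingerprint(disk_pem) != leaf_fingerprint(served_pem)


def check_and_reload(cert_path, host, port=993,
                     reload_cmd=("doveadm", "reload")):  # assumed reload command
    """Fetch the served certificate, compare with disk, reload on mismatch."""
    with open(cert_path, encoding="ascii") as fh:
        disk_pem = fh.read()
    # get_server_certificate() does not validate the peer, so the check
    # still works after the served certificate has already expired.
    served_pem = ssl.get_server_certificate((host, port))
    if not is_stale(disk_pem, served_pem):
        return False
    subprocess.run(reload_cmd, check=True)
    return True


if __name__ == "__main__":
    # Placeholder usage: check_cert.py /path/to/fullchain.pem mail.example.org
    reloaded = check_and_reload(sys.argv[1], sys.argv[2])
    print("reloaded" if reloaded else "served certificate matches disk")
```

Run after each reload, the same comparison confirms that the new certificate is actually being served.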