Feature request.

Reio Remma reio at mrstuudio.ee
Fri Oct 9 14:08:42 EEST 2020


On 09/10/2020 14:02, Gerald Galster wrote:
>> I have to say I'm totally baffled since I do nothing when LetsEncrypt renews the certificate.
>>
>> I know the cert has been updated because the mail clients ask me if I trust the certificate.
>>
>> If it makes a difference I use the bash LetsEncrypt not the Python code.
> I don't like all those dependencies certbot (python) installs, but it works flawlessly on CentOS.
> On CentOS 8 you need to enable the EPEL *and* PowerTools repositories (/etc/yum/repos.d/...)
>
> I've attached a small perl script that I call via cron 30 minutes after certbot starts which reloads services if necessary.
>
> Best regards
> Gerald
>
>
>
> #!/usr/bin/perl
>
> my $reload;
>
> open(FF, "find /etc/letsencrypt/live -mtime -1 -name cert.pem |");
> while(<FF>){
> 	chomp;
> 	next if !$_;
> 	$reload++;
> }
> close(FF);
>
> if($reload){
> 	system("/usr/bin/systemctl reload httpd");
> 	system("/usr/bin/systemctl reload postfix");
> 	system("/usr/bin/systemctl reload dovecot");
>
> }
>

With certbot you can simply put a script in 
/etc/letsencrypt/renewal-hooks/deploy/:

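#!/bin/sh
# deploy-hook-script.sh
# certbot runs this after each successful renewal and sets:
#   RENEWED_DOMAINS - space-separated names on the renewed certificate
#   RENEWED_LINEAGE - live directory of that certificate

set -e

for domain in $RENEWED_DOMAINS; do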
     case $domain in

         domain.com )
             chmod 600 "$RENEWED_LINEAGE/fullchain.pem"
             chmod 600 "$RENEWED_LINEAGE/privkey.pem"
             /usr/bin/systemctl reload dovecot
             /usr/bin/systemctl restart opensmtpd
         ;;

     esac
done
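
Added example, not part of the original message: a variant of the deploy hook above that reloads each service only once when a renewed certificate covers several names, and refuses to reload if the lineage files are missing or empty. The domain-to-service map, the function names and the RELOAD_CMD override are assumptions for illustration.

```shell
#!/bin/sh
# Added example: certbot deploy hook that reloads each affected service once.
# The domain-to-service map is hypothetical; adjust it to your own hosts.

# Print the services that use a given certificate name (assumed mapping).
services_for_domain() {
    case $1 in
        mail.example.com) echo "dovecot postfix" ;;
        www.example.com)  echo "httpd" ;;
    esac
}

# Print the unique services for all names in $1, one per line, first-seen order.
plan_reloads() {
    seen=" "
    for domain in $1; do
        for svc in $(services_for_domain "$domain"); do
            case $seen in
                *" $svc "*) ;;                       # already planned
                *) seen="$seen$svc "; echo "$svc" ;;
            esac
        done
    done
}

# Succeed only if chain and key exist and are non-empty; tighten the key mode.
lineage_ok() {
    [ -s "$1/fullchain.pem" ] && [ -s "$1/privkey.pem" ] || return 1
    chmod 600 "$1/privkey.pem"
}

# Reload every planned service; RELOAD_CMD can be overridden for a dry run.
run_hook() {
    lineage_ok "$RENEWED_LINEAGE" || {
        echo "incomplete lineage: $RENEWED_LINEAGE" >&2
        return 1
    }
    for svc in $(plan_reloads "$RENEWED_DOMAINS"); do
        ${RELOAD_CMD:-/usr/bin/systemctl reload} "$svc" || return 1
    done
}

# certbot sets both variables when it runs deploy hooks; do nothing otherwise.
if [ -n "${RENEWED_LINEAGE:-}" ] && [ -n "${RENEWED_DOMAINS:-}" ]; then
    run_hook
fi
```

Setting RELOAD_CMD="echo reload" and the two RENEWED_* variables by hand prints the planned reloads without touching any service.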


