Feature request.
Joseph Tam
jtam.home at gmail.com
Sat Oct 10 00:50:50 EEST 2020
On Fri, 9 Oct 2020, David Morsberger wrote:
> Both the renew hook and post hook are good candidates for our reload
> script. Each has a downside however. The post hook will be run after
> every renewal attempt, regardless of if anything was actually renewed
> or not. This will result in the services being reloaded many times for
> no reason.
An alternative to using certbot hooks is to use an inotify-based tool
(available for most Linux-based OSes). A certificate update triggers
a restart script. For example,
https://linux.die.net/man/5/incrontab
> The renew hook only runs if a certificate was successfully renewed, but
> it will be run once for each certificate. This could mean reloading
> services multiple times if you have multiple certificates. If you only
> have a single certificate however it'll work great.
For this case, I think you need a periodic (cron) restart process, rather
than a synchronous process, that will check certs and restart/reload once per
day/week/whatever. This is the method I use as my LE certificates are obtained
via DNS challenges on a different host.
Joseph Tam <jtam.home at gmail.com>
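Added example, not part of the original post: the periodic (cron) check described above, written as a shell function that fingerprints the certificate files and reloads once per run however many of them changed. The state file path, the reload command and the certificate paths are assumptions to adapt locally.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed cron usage, with hypothetical paths and reload command:
#   reload_if_changed /var/lib/cert-reload.state 'doveadm reload' \
#       /etc/letsencrypt/live/example.org/fullchain.pem

# Print one "digest  path" line for each readable certificate file.
cert_digests() {
    for cert in "$@"; do
        [ -r "$cert" ] && sha256sum "$cert"
    done
    return 0
}

# Usage: reload_if_changed STATE_FILE RELOAD_CMD CERT...
# Returns 0 if a reload was performed, 1 if nothing changed,
# 2 if the reload command failed.
reload_if_changed() {
    state=$1 reload_cmd=$2
    shift 2
    new=$(cert_digests "$@")
    old=$(cat "$state" 2>/dev/null || true)

    # Same digests as the last successful reload: nothing to do.
    [ "$new" = "$old" ] && return 1

    # One reload covers every certificate that changed since the last run.
    # RELOAD_CMD is split on whitespace so it can carry arguments.
    $reload_cmd || return 2

    # Record the new digests only after a successful reload, so a failed
    # reload is retried on the next run. Write via a temp file and rename
    # so an interrupted run never leaves a half-written state file.
    tmp="$state.$$"
    printf '%s\n' "$new" > "$tmp" && mv "$tmp" "$state"
    return 0
}
```

Comparing content digests rather than modification times means a renewal attempt that rewrites an identical file does not cause a reload.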