Feature request.
Jean-Daniel
jddupas at xooloo.com
Sat Oct 10 16:56:08 EEST 2020
> On 10 Oct 2020, at 11:38, @lbutlr <kremels at kreme.com> wrote:
>
> On 09 Oct 2020, at 02:16, Rogier Wolff <R.E.Wolff at BitWizard.nl> wrote:
>> It turns out that dovecot had been running uninterrupted since August
>> 13th, the certificate was renewed on September 7th and I suspect it
>> expired on October 7th.
>
> The ACME protocol that LE uses has a specific feature for specifying a script to run after a certificate updates. One of the common things to do in these scripts is to restart services like apache and dovecot so they see the new certs. Other common actions are copying the certs to specific locations on the system (like, say, into jails) or even to other hardware.
>
> This is the best, most reliable, and least fiddly solution.
>
The ACME protocol does not care about scripts run on renewal, as it only specifies the network exchange between the ACME client and the ACME server.
Running a hook script on renewal is the responsibility of each ACME client, and so is specific to the client you are using.
All clients have their own way to do it:
- certbot.
- acmebot
- acmetool (which may be a good solution for people who don’t like dependencies installed by other solutions as this is a standalone binary)
- Kubernetes CertManager.
Just check the doc for the one you are using.
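
As an added example (not part of the original post), here is one way to write such a hook for certbot, which exports `RENEWED_LINEAGE` to deploy hooks: it reloads dovecot only when the renewed certificate is the one dovecot is configured to serve. It assumes a single dovecot 2.3-style `ssl_cert = </path` setting; the function names are hypothetical and the paths in the comments are constructed.

```shell
#!/bin/sh
# Added example: certbot deploy hook that reloads dovecot after a renewal.
# Run it with `certbot renew --deploy-hook /path/to/this-script` or place it
# in /etc/letsencrypt/renewal-hooks/deploy/. certbot sets RENEWED_LINEAGE to
# the live directory of the certificate that was just renewed.
# Assumption: dovecot uses one global `ssl_cert = </path/fullchain.pem`.

# Strip the leading "<" that dovecot uses for "read the value from a file".
cert_path_from_setting() {
    printf '%s\n' "${1#<}"
}

# Succeed only if cert file $2 lives inside lineage directory $1.
# The "/" after the directory keeps .../mail.example.org from matching
# a sibling lineage such as .../mail.example.org-0001.
lineage_owns_cert() {
    case "$2" in
        "${1%/}"/*) return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    # doveconf -h prints only the value of the named setting.
    setting=$(doveconf -h ssl_cert) || return 1
    cert=$(cert_path_from_setting "$setting")
    if lineage_owns_cert "$RENEWED_LINEAGE" "$cert"; then
        # Reload so the running dovecot stops serving the old certificate.
        doveadm reload
    else
        echo "renewed $RENEWED_LINEAGE is not dovecot's cert ($cert)" >&2
    fi
}

# Only act when certbot invoked this script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    main
fi
```
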