similar to: Dovecot and Letsencrypt certs

<master at remort.net> writes: > "writing a script to check the certs" - there is no need to write any > scripts. As one mentioned, it's done by a hook to certbot. Please read > the manuals for LE or certbot. The issue you have is quite common and > of course certbot designed to do it for you. Won't work, of course, if you employ the least-privilege security

And remove that "postfix reload" command - Postfix doesn't require explicit reloading. It'll pickup the changed cert automagically. Daniel On 9/12/2017 9:26 AM, Daniel Miller wrote: > What's wrong with using a certbot "post-hook" script such as: > > #!/bin/bash > echo "Letsencrypt renewal hook running..." > echo

> I have to say I'm totally baffled since I do nothing when LetsEncrypt renews the certificate. > > I know the cert has been updated because the mail clients asks me if I trust the certificate. > > If it makes a difference I use the bash LetsEncrypt not the Python code. I don't like all those dependencies certbot (python) installs, but it works flawlessly on CentOS. On

On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote: > The general answere here is try and see, as you could totally test it > on your own. The certificate is read at startup and put in memory for > the rest of the execution time. Dovecot won't monitor the file for > changes on disk, as this would waste CPU cycles and make dovecot only > slower for no reason. The process

On Thu, Mar 14, 2019, at 11:33 AM, Yassine Chaouche via dovecot wrote: > On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote: > > The general answere here is try and see, as you could totally test it > > on your own. The certificate is read at startup and put in memory for > > the rest of the execution time. Dovecot won't monitor the file for > > changes on

Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain: certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd: cat

That’s what I have been looking for, thanks ! From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen Sent: donderdag 6 september 2018 22:21 To: Icecast streaming server user discussions Subject: Re: [Icecast] icecast ssl and letsencrypt renewal You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart

On 08 Sep 2017, at 12:21, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > On 08.09.2017 19:51, @lbutlr wrote: >> How I would do it is IF the certificate is expired, the dovecot should >> check if there is a new cert and if so, load it. > New cert as in file modification date or checksum changed? Either one, but checksum is going to be more reliable. > Might

Hi all, I have setup icecast to work with letsencrypt ssl certificate, this works fine. But now I am struggling a bit on how to renew the certificate every 3 months. As per letsencrypt recommendation I run a cronjob to check for renewal every day, problem is when there is a new certificate Icecast needs to be restarted to pick it up, as the certificate only seems to be loaded at startup of

Hello, Thanks. Is there another way of doing this? I've got a web server running on 80 and 443. Are there any other options? Thanks. Dave. On 3/3/17, Michael Neurohr <mine at michi.su> wrote: > On 2017-03-03 19:07, David Mehler wrote: >> Hello, >> >> I know some users here are using letsencrypt for their CA. If this is >> to off topic write me privately.

Robert Wolf wrote on 13/09/2017 10:26: > are you sure? What is the refresh time? Instantly or with some delay? Have you > tested what happens if I install new key, but I delay installing correct > certificate? Does postfix keep the old key+cert or stop using any cert because > the new key is not correct for the current(old) certificate? > > On my postfix 2.9.6 on debian wheezy

So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. After some moments of confusion I noticed that dovecot had been running since before the renewal, so I did a quick service dovecot restart which fixed everything. Should dovecot

Dear Aki, I think the renewal failed again. The SSL certificate expired Saturday, 14 July 2018. This affects (at least) the repo.dovecot.org website and debian repository. Thanks, Bernardo. On 2018-05-15 08:15, Aki Tuomi wrote: > On 15.05.2018 09:14, B. Reino wrote: >> Dear all, >> >> Just in case you've missed it, the certificate for repo.dovecot.org >> just

On 08 Sep 2017, at 10:08, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > What is Dovecot supposed to do? Keep track of the certificate expiry > date? And if that is passed, then what? Automatically shutdown/restart? > What if the certificate has not been updated in between? I think that > handling certificates is better left to the administrator. How I would do it is

> Thanks. Is there another way of doing this? I've got a web server > running on 80 and 443. Are there any other options? I'm getting this list in digest mode, so it's possible by the time this gets to you, I will have repeated someone else' suggestion. In this situation, where your dovecot server lives on the same host as a web server (wembail?), and this web server is

Hello, How did you get icecast and letsencrypt certificates working? Thanks. Dave. On 9/6/18, _zer0_ gravity <zer0___ at hotmail.com> wrote: > That’s what I have been looking for, thanks ! > > From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen > Sent: donderdag 6 september 2018 22:21 > To: Icecast streaming server user discussions > Subject: Re:

You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart icecast On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity <zer0___ at hotmail.com> wrote: > Hi all, > > > > I have setup icecast to work with letsencrypt ssl certificate, this works > fine. > > But now I am struggling a bit on how to renew the

On 09/10/2020 11:50, Plutocrat wrote: > On 09/10/2020 4:16 pm, Rogier Wolff wrote: >> It turns out that dovecot had been running uninterrupted since august >> 13th, the certificate was renewed on september 7th and I suspect it >> expired on october 7th. > I guess you could do a few things yourself to make sure the cert is valid. Thinking out loud: > > - Blunt

Yup, that did the trick. Thanks! Filipe On 1/10/19 7:47 AM, Aki Tuomi wrote: > > > On 10.1.2019 9.42, Filipe Carvalho wrote: >> >> Hello, >> >> Not sure if this is the right place to post this, but the ssl >> certificate of the repo.dovecot.org server expired on the 9th of January. >> >> It's giving an error via the browser and via the apt

On 08.09.2017 16:20, LuKreme wrote: > That is a great solution, but I think it?s probably easier to just > kick dovecot once a month. Certbot hooks are very easy to write, and are only executed when the certificate is updated. In that light, I can see no advantage in "kick dovecot once a month". ;-) > However, it seems like checking the certs is something that dovecot >