Guido Goluke, MajorLabel
2019-Mar-14 08:14 UTC
Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart
Running dovecot 2.2, apologies if this question has been asked before: I've done the research but couldn't find anything. I run a server that uses dovecot as a MUA for Postfix and have a Let's Encrypt certificate that auto-renews through certbot on Ubuntu server 16.04. Dovecot did not pick up on the new certificate for the hostname. It did after a restart. To be clear: Let's Encrypt overwrites the previous certificate using the same path and filename. Am I right to assume that Dovecot needs a reload/restart after the certificate has been renewed in order to 'pick up' on the new certificate and if so, would I require a reload or a restart? Thank you in advance -- MajorLabel
Yassine Chaouche
2019-Mar-14 08:32 UTC
Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart
The general answere here is try and see, as you could totally test it on your own. The certificate is read at startup and put in memory for the rest of the execution time. Dovecot won't monitor the file for changes on disk, as this would waste CPU cycles and make dovecot only slower for no reason. The process (or person) that changes the file is responsible to restart dovecot to reload the new certificate in memory. Yassine. On 3/14/19 9:14 AM, Guido Goluke, MajorLabel via dovecot wrote:> Running dovecot 2.2, apologies if this question has been asked before: > I've done the research but couldn't find anything. > > I run a server that uses dovecot as a MUA for Postfix and have a Let's > Encrypt certificate that auto-renews through certbot on Ubuntu server > 16.04. Dovecot did not pick up on the new certificate for the > hostname. It did after a restart. To be clear: Let's Encrypt > overwrites the previous certificate using the same path and filename. > Am I right to assume that Dovecot needs a reload/restart after the > certificate has been renewed in order to 'pick up' on the new > certificate and if so, would I require a reload or a restart? > > Thank you in advance >
Yassine Chaouche
2019-Mar-14 08:33 UTC
Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart
On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote:> The general answere here is try and see, as you could totally test it > on your own. The certificate is read at startup and put in memory for > the rest of the execution time. Dovecot won't monitor the file for > changes on disk, as this would waste CPU cycles and make dovecot only > slower for no reason. The process (or person) that changes the file is > responsible to restart dovecot to reload the new certificate in memory. > > Yassine.I should mention that this is also true for Apache and postfix. Yassine.
Possibly Parallel Threads
- Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart
- Re: Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart
- Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart
- Dovecot and Letsencrypt certs
- Dovecot and Letsencrypt certs