Voytek Eymont
2018-Jul-22 13:52 UTC
ot: LE server conf setup/ iPhone 'expired cert' message
On Sun, July 22, 2018 11:22 pm, dclist at list.jmatt.net wrote:

> Usually, a browser connects to a web server on port 443, while an email
> client connects to an IMAP or POP server on a different port, served by
> different software. Just because your browser receives a current/valid
> cert, that doesn't mean your dovecot server is sending the same
> certificate.
>
> Assuming the sbt.net.au in your email address is the
> address of your dovecot server, I tried
>
> openssl s_client -connect sbt.net.au:143 -starttls imap
>
> And received a cert which includes:
>
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             03:5b:41:a6:f4:a6:33:eb:5b:ac:af:b8:20:96:f4:0e:20:b9
>     Signature Algorithm: sha256WithRSAEncryption
>         Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
>         Validity
>             Not Before: Apr 23 11:11:28 2018 GMT
>             Not After : Jul 22 11:11:28 2018 GMT
>         Subject: CN=geko.sbt.net.au
>
> Dovecot is sending an expired cert. Pascal is correct; you need to
> restart it.

Pascal, "dclist",

thanks!!

I've restarted Dovecot, and, I think it's OK now

sorry, I've panicked as googling turned up multiple iphone/certs issues, and, rather than properly testing first, I stupidly panicked...

thanks for explanation, thanks for testing!!

so, basically, after each renewal of server's cert I should remember to reload Dovecot (and maybe Postfix too?)

thanks again,

--
Voytek
On Sun, 22 Jul 2018, Voytek Eymont wrote:

> [...]
> so, basically, after each renewal of server's cert I should remember to
> reload Dovecot (and maybe Postfix too?)

You can add a hook (script) to /etc/letsencrypt/renewal-hooks/deploy/ which restarts the services you need. In my case, I have

    /usr/sbin/apache2ctl graceful
    /usr/sbin/dovecot reload
    /usr/sbin/postfix reload

This way the services pick up the renewed certificate when it is renewed.
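An added example, not part of the original thread or anyone's posted setup: a check that can run after the reload hook to confirm the IMAP daemon really serves the certificate now on disk, which is the failure diagnosed above with `openssl s_client`. The function names, the script name in the usage comment and the fingerprint-comparison approach are assumptions of this sketch.

```python
import hashlib, imaplib, re, ssl, sys, time

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def disk_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a PEM file such as fullchain.pem."""
    block = PEM_CERT.search(pem_text)
    if block is None:
        raise ValueError("no certificate in PEM input")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(block.group(0))).hexdigest()

def served_fingerprint(host, port=143):
    """SHA-256 of the certificate an IMAP server presents after STARTTLS."""
    ctx = ssl.create_default_context()
    # Diagnostic only: validation is off so that an expired certificate can
    # still be fetched and compared instead of aborting the handshake.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    conn = imaplib.IMAP4(host, port)
    try:
        conn.starttls(ssl_context=ctx)
        return hashlib.sha256(conn.sock.getpeercert(binary_form=True)).hexdigest()
    finally:
        conn.shutdown()

def expired(not_after, now=None):
    """True if an openssl-style 'Not After' value lies in the past."""
    return ssl.cert_time_to_seconds(not_after) <= (time.time() if now is None else now)

def is_stale(served_fp, pem_text):
    """True when the daemon still serves a certificate other than the one on disk."""
    return served_fp != disk_fingerprint(pem_text)

if __name__ == "__main__":
    # Usage (hypothetical script name): check_served.py HOST /path/to/fullchain.pem
    host, pem_path = sys.argv[1], sys.argv[2]
    with open(pem_path) as fh:
        stale = is_stale(served_fingerprint(host), fh.read())
    print("STALE: reload the service" if stale else "OK: served cert matches disk")
    sys.exit(1 if stale else 0)
```

A non-zero exit status lets cron or a monitoring job flag a daemon that was not reloaded after renewal.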