Displaying 20 results from an estimated 2000 matches similar to: "Dovecot and Letsencrypt certs"
2017 Sep 09
1
Dovecot and Letsencrypt certs
If you're using acme.sh:
acme.sh --installcert -d imap.example.com \
? --keypath /etc/pki/dovecot/private/imap.example.com.pem \
? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \
? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \
? --reloadcmd??????????? "systemctl reload dovecot.service"
HTH,
Bill
On 9/8/2017 9:56 AM, Darac Marjal wrote:
>
2017 Sep 08
5
Dovecot and Letsencrypt certs
On Sep 8, 2017, at 07:56, Darac Marjal <mailinglist at darac.org.uk> wrote:
> #!/bin/bash
>
> set -e
> set -u
> set -o pipefail
>
> if [[ ${1} == "deploy_cert" && ${2} == "mail.darac.org.uk" ]]; then
> echo " + Hook: Restarting Dovecot..."
> /usr/sbin/service dovecot restart
> fi
2017 Sep 08
0
Dovecot and Letsencrypt certs
On Fri, Sep 08, 2017 at 06:47:25AM -0600, @lbutlr wrote:
>So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate.
>
>I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November.
>
>After some moments of confusion I noticed that dovecot had been running since before the renewal, so I
2017 Sep 08
0
Dovecot and Letsencrypt certs
"I think it?s probably easier to just kick dovecot once a month." -
that's not good from system administration's point of view. You can
get into trouble when certificate is renewed but dovecot isn't
reloaded yet. And, doing something via cron just by-guess, once a
month - is a no no logic.
"it seems like checking the certs is something that dovecot should be
doing on its
2017 Feb 19
4
Problem with Let's Encrypt Certificate
On 02/18/2017 10:24 PM, Robert L Mathews wrote:
> On 2/17/17 1:38 PM, chaouche yacine wrote:
>
>> Seems wrong to me too, Robert. If you put your private key inside
>> your certificate, won't it be sent to the client along with it ?
>
> No; any SSL software that uses the file will extract the parts it needs
> from it and convert them to its internal format for future
2017 Jan 16
2
Remove empty milder folders
Not sure if anyone will find this useful, but this is how I deleted a bunch (several hundred) of empty mail folders from a user account:
# doveadm mailbox status -u ?user at example.com" messages "*" ALL | grep "=0" | awk -F= '{print $1}' | awk '{print "rm -rf ."$1}' > list
then I looked over list just to be sure it wasn?t mucked up and in
2019 Jan 14
4
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
(@Rowland)
> Whilst it is quite correct to say that the REALM isn't the same as a
> DNS domain, there is a correlation between them. The REALM must be the
> DNS domain in uppercase, so this:
>
> SAMBA_PRINCIPAL=dehydrated-service at YOUR.DOMAIN
No, you can have your.primayDNSdomain.tld and have REALM = SOMEREALM.TLD
Its not obligated to have REALM the same as the DnsDomain.
2019 Jan 15
1
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
Just to clarify, your hook allows dehydrated to lookup DNS to an internal
Samba (or Bind_DLZ) server for DNS-01 verification in certificate
generation?
Kris Lou
klou at themusiclink.net
On Tue, Jan 15, 2019 at 2:13 AM Jakob Lenfers via samba <
samba at lists.samba.org> wrote:
> Am 14.01.19 um 11:29 schrieb Rowland Penny via samba:
>
> > Whilst it is quite correct to say that
2019 Jan 14
2
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
On Mon, 14 Jan 2019 10:49:43 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai,
>
> Thank you for sharing this very apriciated.
>
> If i may, a few small suggestion, to make is little bit better to
> read/understand.
>
> In this line:
> samba-tool domain exportkeytab
> --principal=dehydrated-service at YOUR.DOMAIN
2017 Aug 22
2
imapsieve: failed to read mailbox attribute
Hello all,
Hopefully this is something fairly simple.
I've been trying to set up the Sieve Antispam system as detailed at
https://wiki2.dovecot.org/HowTo/AntispamWithSieve, but at the moment,
whenever I change mailboxes I get the following message logged:
Aug 22 09:30:45 remy dovecot: imap(darac at darac.org.uk): Error: imapsieve:
mailbox INBOX: Failed to read /shared/imapsieve/script
2017 Aug 22
2
imapsieve: failed to read mailbox attribute
On Tue, Aug 22, 2017 at 01:55:45PM +0300, Aki Tuomi wrote:
>
>
>On 22.08.2017 13:37, Darac Marjal wrote:
>> Hello all,
>>
>> Hopefully this is something fairly simple.
>>
>> I've been trying to set up the Sieve Antispam system as detailed at
>> https://wiki2.dovecot.org/HowTo/AntispamWithSieve, but at the moment,
>> whenever I change mailboxes
2017 Sep 08
1
Dovecot and Letsencrypt certs
On 08 Sep 2017, at 12:21, Ralph Seichter <m16+dovecot at monksofcool.net> wrote:
> On 08.09.2017 19:51, @lbutlr wrote:
>> How I would do it is IF the certificate is expired, the dovecot should
>> check if there is a new cert and if so, load it.
> New cert as in file modification date or checksum changed?
Either one, but checksum is going to be more reliable.
> Might
2019 Jan 14
1
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland Penny via samba
> Verzonden: maandag 14 januari 2019 13:21
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] dehydrated hook for LetsEncrypt certs
> and samba dns (was: samba-tool auth in scripts)
>
> On Mon, 14 Jan 2019 13:03:42 +0100
> "L.P.H.
2017 Sep 08
2
Dovecot and Letsencrypt certs
On 08 Sep 2017, at 10:08, Ralph Seichter <m16+dovecot at monksofcool.net> wrote:
> What is Dovecot supposed to do? Keep track of the certificate expiry
> date? And if that is passed, then what? Automatically shutdown/restart?
> What if the certificate has not been updated in between? I think that
> handling certificates is better left to the administrator.
How I would do it is
2017 Feb 20
2
Problem with Let's Encrypt Certificate
yacinechaouche at yahoo.com writes:
> Interesting. Is there any particular benefit in having only one file
> for both certificate and private key ? I find that putting private key
> in a separate file feels more secure.
It's convenient to have key and cert in one place if you don't need
the certificate to be publically readable. Keeping it in separate
files would add slightly
2017 Feb 17
7
Problem with Let's Encrypt Certificate
Hello Folks,
my StartCom SSL-Certificate expires soon and so I wanted to switch to
Let's Encrypt Certificates instead. Unfortunatelly Thunderbird seems not
to like it, although all -tested- other Clients work without any problems.
When I connect with Thunderbird it sends an "Encrypted Alert" directly
after the TLS handshake although Dovecot wants to continue the session.
In the
2019 Jan 14
0
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
Hai,
Thank you for sharing this very apriciated.
If i may, a few small suggestion, to make is little bit better to read/understand.
In this line:
samba-tool domain exportkeytab --principal=dehydrated-service at YOUR.DOMAIN /home/dehydrated/etc/dehydrated-service.keytab
@YOUR.DOMAIN could you change this to : @YOUR.REALM
Because of this. ( per example )
DNS domain =
2017 Sep 12
1
Dovecot and Letsencrypt certs
On Tue, 12 Sep 2017, dovecot-request at dovecot.org wrote:
> What's wrong with using a certbot "post-hook" script such as:
>
> #!/bin/bash
> echo "Letsencrypt renewal hook running..."
> echo "RENEWED_DOMAINS=$RENEWED_DOMAINS"
> echo "RENEWED_LINEAGE=$RENEWED_LINEAGE"
>
> if grep --quiet "your.email.domain" <<<
2019 Jan 14
0
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
Hai Rowland,
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Rowland Penny via samba
> Verzonden: maandag 14 januari 2019 12:48
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] dehydrated hook for LetsEncrypt certs
> and samba dns (was: samba-tool auth in scripts)
>
> On Mon, 14 Jan 2019 12:13:19 +0100
>
2019 Jan 15
0
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
Am 14.01.19 um 11:29 schrieb Rowland Penny via samba:
> Whilst it is quite correct to say that the REALM isn't the same as a
> DNS domain, there is a correlation between them. The REALM must be the
> DNS domain in uppercase, so this:
> [...]
I'll let you discuss this with Louis, I'm barely following anymore and
try to add everything when you're done ;)
> If you do