similar to: Dovecot and Letsencrypt certs

If you're using acme.sh: acme.sh --installcert -d imap.example.com \ ? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ? --reloadcmd??????????? "systemctl reload dovecot.service" HTH, Bill On 9/8/2017 9:56 AM, Darac Marjal wrote: >

On Sep 8, 2017, at 07:56, Darac Marjal <mailinglist at darac.org.uk> wrote: > #!/bin/bash > > set -e > set -u > set -o pipefail > > if [[ ${1} == "deploy_cert" && ${2} == "mail.darac.org.uk" ]]; then > echo " + Hook: Restarting Dovecot..." > /usr/sbin/service dovecot restart > fi

On Fri, Sep 08, 2017 at 06:47:25AM -0600, @lbutlr wrote: >So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. > >I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. > >After some moments of confusion I noticed that dovecot had been running since before the renewal, so I

"I think it?s probably easier to just kick dovecot once a month." - that's not good from system administration's point of view. You can get into trouble when certificate is renewed but dovecot isn't reloaded yet. And, doing something via cron just by-guess, once a month - is a no no logic. "it seems like checking the certs is something that dovecot should be doing on its

On 02/18/2017 10:24 PM, Robert L Mathews wrote: > On 2/17/17 1:38 PM, chaouche yacine wrote: > >> Seems wrong to me too, Robert. If you put your private key inside >> your certificate, won't it be sent to the client along with it ? > > No; any SSL software that uses the file will extract the parts it needs > from it and convert them to its internal format for future

Not sure if anyone will find this useful, but this is how I deleted a bunch (several hundred) of empty mail folders from a user account: # doveadm mailbox status -u ?user at example.com" messages "*" ALL | grep "=0" | awk -F= '{print $1}' | awk '{print "rm -rf ."$1}' > list then I looked over list just to be sure it wasn?t mucked up and in

(@Rowland) > Whilst it is quite correct to say that the REALM isn't the same as a > DNS domain, there is a correlation between them. The REALM must be the > DNS domain in uppercase, so this: > > SAMBA_PRINCIPAL=dehydrated-service at YOUR.DOMAIN No, you can have your.primayDNSdomain.tld and have REALM = SOMEREALM.TLD Its not obligated to have REALM the same as the DnsDomain.

Just to clarify, your hook allows dehydrated to lookup DNS to an internal Samba (or Bind_DLZ) server for DNS-01 verification in certificate generation? Kris Lou klou at themusiclink.net On Tue, Jan 15, 2019 at 2:13 AM Jakob Lenfers via samba < samba at lists.samba.org> wrote: > Am 14.01.19 um 11:29 schrieb Rowland Penny via samba: > > > Whilst it is quite correct to say that

On Mon, 14 Jan 2019 10:49:43 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Hai, > > Thank you for sharing this very apriciated. > > If i may, a few small suggestion, to make is little bit better to > read/understand. > > In this line: > samba-tool domain exportkeytab > --principal=dehydrated-service at YOUR.DOMAIN

Hello all, Hopefully this is something fairly simple. I've been trying to set up the Sieve Antispam system as detailed at https://wiki2.dovecot.org/HowTo/AntispamWithSieve, but at the moment, whenever I change mailboxes I get the following message logged: Aug 22 09:30:45 remy dovecot: imap(darac at darac.org.uk): Error: imapsieve: mailbox INBOX: Failed to read /shared/imapsieve/script

On Tue, Aug 22, 2017 at 01:55:45PM +0300, Aki Tuomi wrote: > > >On 22.08.2017 13:37, Darac Marjal wrote: >> Hello all, >> >> Hopefully this is something fairly simple. >> >> I've been trying to set up the Sieve Antispam system as detailed at >> https://wiki2.dovecot.org/HowTo/AntispamWithSieve, but at the moment, >> whenever I change mailboxes

On 08 Sep 2017, at 12:21, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > On 08.09.2017 19:51, @lbutlr wrote: >> How I would do it is IF the certificate is expired, the dovecot should >> check if there is a new cert and if so, load it. > New cert as in file modification date or checksum changed? Either one, but checksum is going to be more reliable. > Might

> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: maandag 14 januari 2019 13:21 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] dehydrated hook for LetsEncrypt certs > and samba dns (was: samba-tool auth in scripts) > > On Mon, 14 Jan 2019 13:03:42 +0100 > "L.P.H.

On 08 Sep 2017, at 10:08, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > What is Dovecot supposed to do? Keep track of the certificate expiry > date? And if that is passed, then what? Automatically shutdown/restart? > What if the certificate has not been updated in between? I think that > handling certificates is better left to the administrator. How I would do it is

yacinechaouche at yahoo.com writes: > Interesting. Is there any particular benefit in having only one file > for both certificate and private key ? I find that putting private key > in a separate file feels more secure. It's convenient to have key and cert in one place if you don't need the certificate to be publically readable. Keeping it in separate files would add slightly

Hello Folks, my StartCom SSL-Certificate expires soon and so I wanted to switch to Let's Encrypt Certificates instead. Unfortunatelly Thunderbird seems not to like it, although all -tested- other Clients work without any problems. When I connect with Thunderbird it sends an "Encrypted Alert" directly after the TLS handshake although Dovecot wants to continue the session. In the

Hai, Thank you for sharing this very apriciated. If i may, a few small suggestion, to make is little bit better to read/understand. In this line: samba-tool domain exportkeytab --principal=dehydrated-service at YOUR.DOMAIN /home/dehydrated/etc/dehydrated-service.keytab @YOUR.DOMAIN could you change this to : @YOUR.REALM Because of this. ( per example ) DNS domain =

On Tue, 12 Sep 2017, dovecot-request at dovecot.org wrote: > What's wrong with using a certbot "post-hook" script such as: > > #!/bin/bash > echo "Letsencrypt renewal hook running..." > echo "RENEWED_DOMAINS=$RENEWED_DOMAINS" > echo "RENEWED_LINEAGE=$RENEWED_LINEAGE" > > if grep --quiet "your.email.domain" <<<

Hai Rowland, > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: maandag 14 januari 2019 12:48 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] dehydrated hook for LetsEncrypt certs > and samba dns (was: samba-tool auth in scripts) > > On Mon, 14 Jan 2019 12:13:19 +0100 >

Am 14.01.19 um 11:29 schrieb Rowland Penny via samba: > Whilst it is quite correct to say that the REALM isn't the same as a > DNS domain, there is a correlation between them. The REALM must be the > DNS domain in uppercase, so this: > [...] I'll let you discuss this with Louis, I'm barely following anymore and try to add everything when you're done ;) > If you do