similar to: Dovecot and Letsencrypt certs

And remove that "postfix reload" command - Postfix doesn't require explicit reloading. It'll pickup the changed cert automagically. Daniel On 9/12/2017 9:26 AM, Daniel Miller wrote: > What's wrong with using a certbot "post-hook" script such as: > > #!/bin/bash > echo "Letsencrypt renewal hook running..." > echo

On Tue, 12 Sep 2017, dovecot-request at dovecot.org wrote: > What's wrong with using a certbot "post-hook" script such as: > > #!/bin/bash > echo "Letsencrypt renewal hook running..." > echo "RENEWED_DOMAINS=$RENEWED_DOMAINS" > echo "RENEWED_LINEAGE=$RENEWED_LINEAGE" > > if grep --quiet "your.email.domain" <<<

> I have to say I'm totally baffled since I do nothing when LetsEncrypt renews the certificate. > > I know the cert has been updated because the mail clients asks me if I trust the certificate. > > If it makes a difference I use the bash LetsEncrypt not the Python code. I don't like all those dependencies certbot (python) installs, but it works flawlessly on CentOS. On

On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote: > The general answere here is try and see, as you could totally test it > on your own. The certificate is read at startup and put in memory for > the rest of the execution time. Dovecot won't monitor the file for > changes on disk, as this would waste CPU cycles and make dovecot only > slower for no reason. The process

On 08 Sep 2017, at 12:21, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > On 08.09.2017 19:51, @lbutlr wrote: >> How I would do it is IF the certificate is expired, the dovecot should >> check if there is a new cert and if so, load it. > New cert as in file modification date or checksum changed? Either one, but checksum is going to be more reliable. > Might

On Sep 8, 2017, at 07:56, Darac Marjal <mailinglist at darac.org.uk> wrote: > #!/bin/bash > > set -e > set -u > set -o pipefail > > if [[ ${1} == "deploy_cert" && ${2} == "mail.darac.org.uk" ]]; then > echo " + Hook: Restarting Dovecot..." > /usr/sbin/service dovecot restart > fi

Hello, Thanks. Is there another way of doing this? I've got a web server running on 80 and 443. Are there any other options? Thanks. Dave. On 3/3/17, Michael Neurohr <mine at michi.su> wrote: > On 2017-03-03 19:07, David Mehler wrote: >> Hello, >> >> I know some users here are using letsencrypt for their CA. If this is >> to off topic write me privately.

Robert Wolf wrote on 13/09/2017 10:26: > are you sure? What is the refresh time? Instantly or with some delay? Have you > tested what happens if I install new key, but I delay installing correct > certificate? Does postfix keep the old key+cert or stop using any cert because > the new key is not correct for the current(old) certificate? > > On my postfix 2.9.6 on debian wheezy

Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain: certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd: cat

That’s what I have been looking for, thanks ! From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen Sent: donderdag 6 september 2018 22:21 To: Icecast streaming server user discussions Subject: Re: [Icecast] icecast ssl and letsencrypt renewal You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart

On 08 Sep 2017, at 10:08, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > What is Dovecot supposed to do? Keep track of the certificate expiry > date? And if that is passed, then what? Automatically shutdown/restart? > What if the certificate has not been updated in between? I think that > handling certificates is better left to the administrator. How I would do it is

On Thu, Mar 14, 2019, at 11:33 AM, Yassine Chaouche via dovecot wrote: > On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote: > > The general answere here is try and see, as you could totally test it > > on your own. The certificate is read at startup and put in memory for > > the rest of the execution time. Dovecot won't monitor the file for > > changes on

On 08.09.2017 16:20, LuKreme wrote: > That is a great solution, but I think it?s probably easier to just > kick dovecot once a month. Certbot hooks are very easy to write, and are only executed when the certificate is updated. In that light, I can see no advantage in "kick dovecot once a month". ;-) > However, it seems like checking the certs is something that dovecot >

On 08.09.2017 19:51, @lbutlr wrote: > How I would do it is IF the certificate is expired, the dovecot should > check if there is a new cert and if so, load it. New cert as in file modification date or checksum changed? Might work. Still, from what I seem to remember, Dovecot loads certificate data before dropping privileges, which is why reloading the data might be problematic without some

Hello, I know some users here are using letsencrypt for their CA. If this is to off topic write me privately. I'm wanting letsencrypt to take over as my CA, replacing existing self signed certificates. I've got web working, a certificate for https sites and one for webmail as they have different names. What I'm now wanting to do is get letsencrypt going for my email setup, the smtp

Hello fellow CentOS users, I had this cronjob working for many moons on CentOS 7.8.2003: #minute hour mday month wday command 6 6 * * 1 certbot renew --post-hook "cat /etc/letsencrypt/live/raspasy.de/fullchain.pem /etc/letsencrypt/live/ raspasy.de/privkey.pem > /etc/letsencrypt/live/raspasy.de/haproxy.pem; systemctl resstart

On 2017-03-03 19:07, David Mehler wrote: > Hello, > > I know some users here are using letsencrypt for their CA. If this is > to off topic write me privately. > > I'm wanting letsencrypt to take over as my CA, replacing existing self > signed certificates. I've got web working, a certificate for https > sites and one for webmail as they have different names. What

Hi all, I have setup icecast to work with letsencrypt ssl certificate, this works fine. But now I am struggling a bit on how to renew the certificate every 3 months. As per letsencrypt recommendation I run a cronjob to check for renewal every day, problem is when there is a new certificate Icecast needs to be restarted to pick it up, as the certificate only seems to be loaded at startup of

Yup, that did the trick. Thanks! Filipe On 1/10/19 7:47 AM, Aki Tuomi wrote: > > > On 10.1.2019 9.42, Filipe Carvalho wrote: >> >> Hello, >> >> Not sure if this is the right place to post this, but the ssl >> certificate of the repo.dovecot.org server expired on the 9th of January. >> >> It's giving an error via the browser and via the apt

On 11/12/2020 10:44 AM, Raymond Herrera wrote: > Following the advice obtained here, I am trying to get a LetsEncrypt > certificate. > > These are the instructions: > > Step 1: > https://snapcraft.io/docs/installing-snapd > > Step 2: > https://certbot.eff.org/lets-encrypt/centosrhel7-apache > > My problem is this error message: > > # snap install