Displaying 20 results from an estimated 4000 matches similar to: "Dovecot and Letsencrypt certs"
2017 Sep 11
1
Dovecot and Letsencrypt certs
<master at remort.net> writes:
> "writing a script to check the certs" - there is no need to write any
> scripts. As one mentioned, it's done by a hook to certbot. Please read
> the manuals for LE or certbot. The issue you have is quite common and
> of course certbot designed to do it for you.
Won't work, of course, if you employ the least-privilege security
2017 Sep 12
2
Dovecot and Letsencrypt certs
And remove that "postfix reload" command - Postfix doesn't require
explicit reloading. It'll pickup the changed cert automagically.
Daniel
On 9/12/2017 9:26 AM, Daniel Miller wrote:
> What's wrong with using a certbot "post-hook" script such as:
>
> #!/bin/bash
> echo "Letsencrypt renewal hook running..."
> echo
2020 Oct 09
2
Feature request.
> I have to say I'm totally baffled since I do nothing when LetsEncrypt renews the certificate.
>
> I know the cert has been updated because the mail clients asks me if I trust the certificate.
>
> If it makes a difference I use the bash LetsEncrypt not the Python code.
I don't like all those dependencies certbot (python) installs, but it works flawlessly on CentOS.
On
2019 Mar 14
4
Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart
On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote:
> The general answere here is try and see, as you could totally test it
> on your own. The certificate is read at startup and put in memory for
> the rest of the execution time. Dovecot won't monitor the file for
> changes on disk, as this would waste CPU cycles and make dovecot only
> slower for no reason. The process
2019 Mar 14
0
Re: Am I right to assume certificate renewal with the same filename requires a dovecot reload/restart
On Thu, Mar 14, 2019, at 11:33 AM, Yassine Chaouche via dovecot wrote:
> On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote:
> > The general answere here is try and see, as you could totally test it
> > on your own. The certificate is read at startup and put in memory for
> > the rest of the execution time. Dovecot won't monitor the file for
> > changes on
2018 Sep 15
1
icecast ssl and letsencrypt renewal
Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain:
certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name
Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd:
cat
2018 Sep 06
2
icecast ssl and letsencrypt renewal
That’s what I have been looking for, thanks !
From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen
Sent: donderdag 6 september 2018 22:21
To: Icecast streaming server user discussions
Subject: Re: [Icecast] icecast ssl and letsencrypt renewal
You can add a posthook to your certbot cronjob:
certbot renew —post-hook “/etc/init.d/icecast restart”
Or however you restart
2017 Sep 08
1
Dovecot and Letsencrypt certs
On 08 Sep 2017, at 12:21, Ralph Seichter <m16+dovecot at monksofcool.net> wrote:
> On 08.09.2017 19:51, @lbutlr wrote:
>> How I would do it is IF the certificate is expired, the dovecot should
>> check if there is a new cert and if so, load it.
> New cert as in file modification date or checksum changed?
Either one, but checksum is going to be more reliable.
> Might
2018 Sep 06
2
icecast ssl and letsencrypt renewal
Hi all,
I have setup icecast to work with letsencrypt ssl certificate, this works fine.
But now I am struggling a bit on how to renew the certificate every 3 months.
As per letsencrypt recommendation I run a cronjob to check for renewal every day,
problem is when there is a new certificate Icecast needs to be restarted to pick it up, as the certificate only seems to be loaded at startup of
2017 Mar 03
3
letsencrypt
Hello,
Thanks. Is there another way of doing this? I've got a web server
running on 80 and 443. Are there any other options?
Thanks.
Dave.
On 3/3/17, Michael Neurohr <mine at michi.su> wrote:
> On 2017-03-03 19:07, David Mehler wrote:
>> Hello,
>>
>> I know some users here are using letsencrypt for their CA. If this is
>> to off topic write me privately.
2017 Sep 13
1
Dovecot and Letsencrypt certs
Robert Wolf wrote on 13/09/2017 10:26:
> are you sure? What is the refresh time? Instantly or with some delay? Have you
> tested what happens if I install new key, but I delay installing correct
> certificate? Does postfix keep the old key+cert or stop using any cert because
> the new key is not correct for the current(old) certificate?
>
> On my postfix 2.9.6 on debian wheezy
2017 Sep 08
5
Dovecot and Letsencrypt certs
So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate.
I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November.
After some moments of confusion I noticed that dovecot had been running since before the renewal, so I did a quick service dovecot restart which fixed everything.
Should dovecot
2018 Jul 15
3
Letsencrypt certificate for repo.dovecot.org expired May 14th..
Dear Aki,
I think the renewal failed again. The SSL certificate expired Saturday,
14 July 2018.
This affects (at least) the repo.dovecot.org website and debian
repository.
Thanks,
Bernardo.
On 2018-05-15 08:15, Aki Tuomi wrote:
> On 15.05.2018 09:14, B. Reino wrote:
>> Dear all,
>>
>> Just in case you've missed it, the certificate for repo.dovecot.org
>> just
2017 Sep 08
2
Dovecot and Letsencrypt certs
On 08 Sep 2017, at 10:08, Ralph Seichter <m16+dovecot at monksofcool.net> wrote:
> What is Dovecot supposed to do? Keep track of the certificate expiry
> date? And if that is passed, then what? Automatically shutdown/restart?
> What if the certificate has not been updated in between? I think that
> handling certificates is better left to the administrator.
How I would do it is
2017 Mar 03
0
letsencrypt
> Thanks. Is there another way of doing this? I've got a web server
> running on 80 and 443. Are there any other options?
I'm getting this list in digest mode, so it's possible by the time this
gets to you, I will have repeated someone else' suggestion.
In this situation, where your dovecot server lives on the same host as a
web server (wembail?), and this web server is
2018 Sep 06
0
icecast ssl and letsencrypt renewal
Hello,
How did you get icecast and letsencrypt certificates working?
Thanks.
Dave.
On 9/6/18, _zer0_ gravity <zer0___ at hotmail.com> wrote:
> That’s what I have been looking for, thanks !
>
> From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen
> Sent: donderdag 6 september 2018 22:21
> To: Icecast streaming server user discussions
> Subject: Re:
2018 Sep 06
0
icecast ssl and letsencrypt renewal
You can add a posthook to your certbot cronjob:
certbot renew —post-hook “/etc/init.d/icecast restart”
Or however you restart icecast
On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity <zer0___ at hotmail.com> wrote:
> Hi all,
>
>
>
> I have setup icecast to work with letsencrypt ssl certificate, this works
> fine.
>
> But now I am struggling a bit on how to renew the
2020 Oct 09
3
Feature request.
On 09/10/2020 11:50, Plutocrat wrote:
> On 09/10/2020 4:16 pm, Rogier Wolff wrote:
>> It turns out that dovecot had been running uninterrupted since august
>> 13th, the certificate was renewed on september 7th and I suspect it
>> expired on october 7th.
> I guess you could do a few things yourself to make sure the cert is valid. Thinking out loud:
>
> - Blunt
2019 Jan 10
3
repo.dovecot.org expired certificate
Yup, that did the trick.
Thanks!
Filipe
On 1/10/19 7:47 AM, Aki Tuomi wrote:
>
>
> On 10.1.2019 9.42, Filipe Carvalho wrote:
>>
>> Hello,
>>
>> Not sure if this is the right place to post this, but the ssl
>> certificate of the repo.dovecot.org server expired on the 9th of January.
>>
>> It's giving an error via the browser and via the apt
2017 Sep 08
0
Dovecot and Letsencrypt certs
On 08.09.2017 16:20, LuKreme wrote:
> That is a great solution, but I think it?s probably easier to just
> kick dovecot once a month.
Certbot hooks are very easy to write, and are only executed when the
certificate is updated. In that light, I can see no advantage in "kick
dovecot once a month". ;-)
> However, it seems like checking the certs is something that dovecot
>