similar to: Dovecot and Letsencrypt certs

Robert Wolf wrote on 13/09/2017 10:26: > are you sure? What is the refresh time? Instantly or with some delay? Have you > tested what happens if I install new key, but I delay installing correct > certificate? Does postfix keep the old key+cert or stop using any cert because > the new key is not correct for the current(old) certificate? > > On my postfix 2.9.6 on debian wheezy

On Tue, 12 Sep 2017, dovecot-request at dovecot.org wrote: > What's wrong with using a certbot "post-hook" script such as: > > #!/bin/bash > echo "Letsencrypt renewal hook running..." > echo "RENEWED_DOMAINS=$RENEWED_DOMAINS" > echo "RENEWED_LINEAGE=$RENEWED_LINEAGE" > > if grep --quiet "your.email.domain" <<<

<master at remort.net> writes: > "writing a script to check the certs" - there is no need to write any > scripts. As one mentioned, it's done by a hook to certbot. Please read > the manuals for LE or certbot. The issue you have is quite common and > of course certbot designed to do it for you. Won't work, of course, if you employ the least-privilege security

On Thu, Mar 14, 2019, at 11:33 AM, Yassine Chaouche via dovecot wrote: > On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote: > > The general answere here is try and see, as you could totally test it > > on your own. The certificate is read at startup and put in memory for > > the rest of the execution time. Dovecot won't monitor the file for > > changes on

> I have to say I'm totally baffled since I do nothing when LetsEncrypt renews the certificate. > > I know the cert has been updated because the mail clients asks me if I trust the certificate. > > If it makes a difference I use the bash LetsEncrypt not the Python code. I don't like all those dependencies certbot (python) installs, but it works flawlessly on CentOS. On

On 08 Sep 2017, at 12:21, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > On 08.09.2017 19:51, @lbutlr wrote: >> How I would do it is IF the certificate is expired, the dovecot should >> check if there is a new cert and if so, load it. > New cert as in file modification date or checksum changed? Either one, but checksum is going to be more reliable. > Might

On 08.09.2017 16:20, LuKreme wrote: > That is a great solution, but I think it?s probably easier to just > kick dovecot once a month. Certbot hooks are very easy to write, and are only executed when the certificate is updated. In that light, I can see no advantage in "kick dovecot once a month". ;-) > However, it seems like checking the certs is something that dovecot >

On 08.09.2017 19:51, @lbutlr wrote: > How I would do it is IF the certificate is expired, the dovecot should > check if there is a new cert and if so, load it. New cert as in file modification date or checksum changed? Might work. Still, from what I seem to remember, Dovecot loads certificate data before dropping privileges, which is why reloading the data might be problematic without some

On Sep 8, 2017, at 07:56, Darac Marjal <mailinglist at darac.org.uk> wrote: > #!/bin/bash > > set -e > set -u > set -o pipefail > > if [[ ${1} == "deploy_cert" && ${2} == "mail.darac.org.uk" ]]; then > echo " + Hook: Restarting Dovecot..." > /usr/sbin/service dovecot restart > fi

On 2017-03-03 19:07, David Mehler wrote: > Hello, > > I know some users here are using letsencrypt for their CA. If this is > to off topic write me privately. > > I'm wanting letsencrypt to take over as my CA, replacing existing self > signed certificates. I've got web working, a certificate for https > sites and one for webmail as they have different names. What

Hello, Thanks. Is there another way of doing this? I've got a web server running on 80 and 443. Are there any other options? Thanks. Dave. On 3/3/17, Michael Neurohr <mine at michi.su> wrote: > On 2017-03-03 19:07, David Mehler wrote: >> Hello, >> >> I know some users here are using letsencrypt for their CA. If this is >> to off topic write me privately.

On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote: > The general answere here is try and see, as you could totally test it > on your own. The certificate is read at startup and put in memory for > the rest of the execution time. Dovecot won't monitor the file for > changes on disk, as this would waste CPU cycles and make dovecot only > slower for no reason. The process

Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain: certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd: cat

That’s what I have been looking for, thanks ! From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen Sent: donderdag 6 september 2018 22:21 To: Icecast streaming server user discussions Subject: Re: [Icecast] icecast ssl and letsencrypt renewal You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart

On 08 Sep 2017, at 10:08, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > What is Dovecot supposed to do? Keep track of the certificate expiry > date? And if that is passed, then what? Automatically shutdown/restart? > What if the certificate has not been updated in between? I think that > handling certificates is better left to the administrator. How I would do it is

Hello, How did you get icecast and letsencrypt certificates working? Thanks. Dave. On 9/6/18, _zer0_ gravity <zer0___ at hotmail.com> wrote: > That’s what I have been looking for, thanks ! > > From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen > Sent: donderdag 6 september 2018 22:21 > To: Icecast streaming server user discussions > Subject: Re:

On Tue, 12 Sep 2017, Daniel Miller wrote: > And remove that "postfix reload" command - Postfix doesn't require explicit > reloading. It'll pickup the changed cert automagically. > > Daniel Hoi Daniel, are you sure? What is the refresh time? Instantly or with some delay? Have you tested what happens if I install new key, but I delay installing correct

You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart icecast On Thu, Sep 6, 2018 at 13:05 _zer0_ gravity <zer0___ at hotmail.com> wrote: > Hi all, > > > > I have setup icecast to work with letsencrypt ssl certificate, this works > fine. > > But now I am struggling a bit on how to renew the

David Mehler <dave.mehler at gmail.com> writes: > I'm wanting letsencrypt to take over as my CA, replacing existing self > signed certificates. I've got web working, a certificate for https > sites and one for webmail as they have different names. What I'm now > wanting to do is get letsencrypt going for my email setup, the smtp > handled by postfix, but mail, and

:) Rgds/DP 9849111010 Sent from my iPhone. Pls excuse brevity and typos if any. > On 15-Jul-2018, at 5:00 PM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > certbot clearly hates me > > --- > Aki Tuomi > Dovecot oy > > -------- Original message -------- > From: "B. Reino" <reinob at bbmk.org> > Date: 15/07/2018 11:49 (GMT+02:00) >