similar to: Renewing certificates

If you're using acme.sh: acme.sh --installcert -d imap.example.com \ ? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ? --reloadcmd??????????? "systemctl reload dovecot.service" HTH, Bill On 9/8/2017 9:56 AM, Darac Marjal wrote: >

I'm using acme.sh to get my Let's Encrypt certificates.? The install command is: acme.sh --installcert -d imap.example.com \ ??????? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ??????? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ??????? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ??????? --reloadcmd???? "systemctl reload

So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. After some moments of confusion I noticed that dovecot had been running since before the renewal, so I did a quick service dovecot restart which fixed everything. Should dovecot

> On December 26, 2017 at 11:42 PM Kenneth Porter <shiva at sewingwitch.com> wrote: > > > I'm setting up certbot/letsencrypt to provide a certificate for dovecot and > sendmail. Is it necessary to restart dovecot to load the new certificate, > as shown in most examples I find in blogs? That seems rude to established > connections. When does dovecot read the cert

Could you write step by step how you reach the goal? 2018-02-22 15:55 GMT+01:00 Gabriel Kaufmann <mailings at typoworx.com>: > I've tried to create an certbot SAN-Cert with multiple domain-names and > this worked like a charm using one cert for all! Thanks! > > > Best regards > > Gabriel Kaufmann > > -- *Pozdrawiam / Best Regards* *Piotr Bracha*

On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote: > The general answere here is try and see, as you could totally test it > on your own. The certificate is read at startup and put in memory for > the rest of the execution time. Dovecot won't monitor the file for > changes on disk, as this would waste CPU cycles and make dovecot only > slower for no reason. The process

I'm handling mail for several domains, let's call them a.com, b.com, and c.com. I have certificates for each of these domains individually via certbot (letsencrypt) and nginx is happy with all of that. Since I initially configured the site to handle mail only for a.com, my /etc/postfix/main.cf file currently has these two lines: smtpd_tls_cert_file =

Leo, >> I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. >> I am assuming I'll need to pay a CA to generate what I need, but >> I'm confused about what I need. I am running dovecot at teh moment, >> but my clients (iphone, windows laptops) say my ssl connection is >> not trusted. The phone just won't

Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain: certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd: cat

On Mon, Apr 02, 2018 at 02:34:34PM +0200, Gedalya wrote: > On 04/02/2018 02:25 PM, Jeff Abrahamson wrote: > > I see that the file > > > > .well-known/acme-challenge/IT7-YURAep4bniD9zYpKpdRUBQcgCRJ6FflmZzWQGNg > > > > is being created (and one other file, too) but that nginx reports that > > the _directory_ > > > >

That’s what I have been looking for, thanks ! From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen Sent: donderdag 6 september 2018 22:21 To: Icecast streaming server user discussions Subject: Re: [Icecast] icecast ssl and letsencrypt renewal You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart

Hi All - I am running CentOS 7.5 and trying to use certbot. I am getting an error 403 forbidden on the /.well-known/acme-challenge/-CG_gSckofY5ln7TdMvoanDI1_FBRh8otQkyB0hxmoo Some searching indicated permission problems... I also noticed that the /var/www/html directory does not even have the .well-known directory in it. The /var/www/html directory was root:root I changed it to root:apache

Hello fellow CentOS users, I had this cronjob working for many moons on CentOS 7.8.2003: #minute hour mday month wday command 6 6 * * 1 certbot renew --post-hook "cat /etc/letsencrypt/live/raspasy.de/fullchain.pem /etc/letsencrypt/live/ raspasy.de/privkey.pem > /etc/letsencrypt/live/raspasy.de/haproxy.pem; systemctl resstart

Hi all, I have setup icecast to work with letsencrypt ssl certificate, this works fine. But now I am struggling a bit on how to renew the certificate every 3 months. As per letsencrypt recommendation I run a cronjob to check for renewal every day, problem is when there is a new certificate Icecast needs to be restarted to pick it up, as the certificate only seems to be loaded at startup of

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

Hello, Thanks. Is there another way of doing this? I've got a web server running on 80 and 443. Are there any other options? Thanks. Dave. On 3/3/17, Michael Neurohr <mine at michi.su> wrote: > On 2017-03-03 19:07, David Mehler wrote: >> Hello, >> >> I know some users here are using letsencrypt for their CA. If this is >> to off topic write me privately.

Hi, I get my Email from my own SMTP server on the internet using "fetchmail". Some time ago I did the smart thing and configured dovecot to use SSL and the letsencrypt certificate that automatically renews. Welllll..... a few days ago my certificate expired and the fetchmail deamon running in the background had nowhere to complain. So I didn't notice. It turns out that dovecot

I am postponing the Apache plugin issue (CentOS is not Certbot friendly) and requesting a standalone, generic certificate. After the command "1: Spin up a temporary webserver" I have the following 2 files in the folder /etc/letsencrypt: -rw-r--r-- 1 root root? 924 Nov 12 11:14 csr/0000_csr-certbot.pem -rw------- 1 root root 1708 Nov 12 11:14 keys/0000_key-certbot.pem The

Hi there. I've been using Dovecot for quite some time now but I just started using Let's Encrypt certs. Since LE certs are renewed automatically without user intervention I'm wondering if I will need to restart dovecot after that renewal... Has anybody had any experience with that? Thanks so much for your help! Ignacio -------------- next part -------------- An HTML attachment was

Kenneth Porter <shiva at sewingwitch.com> writes: > Thanks. Some digging indicates that this is equivalent to doveadm reload. > Both paths ultimately send a SIGHUP to the server which initiates a full > reload of the configuration. > > I'll be combining this with a restart of sendmail. Alas, I don't see a way > to get it to reload its configuration. Should be the