similar to: Renewing certificates

If you're using acme.sh: acme.sh --installcert -d imap.example.com \ ? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ? --reloadcmd??????????? "systemctl reload dovecot.service" HTH, Bill On 9/8/2017 9:56 AM, Darac Marjal wrote: >

I'm using acme.sh to get my Let's Encrypt certificates.? The install command is: acme.sh --installcert -d imap.example.com \ ??????? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ??????? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ??????? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ??????? --reloadcmd???? "systemctl reload

So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. After some moments of confusion I noticed that dovecot had been running since before the renewal, so I did a quick service dovecot restart which fixed everything. Should dovecot

> On December 26, 2017 at 11:42 PM Kenneth Porter <shiva at sewingwitch.com> wrote: > > > I'm setting up certbot/letsencrypt to provide a certificate for dovecot and > sendmail. Is it necessary to restart dovecot to load the new certificate, > as shown in most examples I find in blogs? That seems rude to established > connections. When does dovecot read the cert

Could you write step by step how you reach the goal? 2018-02-22 15:55 GMT+01:00 Gabriel Kaufmann <mailings at typoworx.com>: > I've tried to create an certbot SAN-Cert with multiple domain-names and > this worked like a charm using one cert for all! Thanks! > > > Best regards > > Gabriel Kaufmann > > -- *Pozdrawiam / Best Regards* *Piotr Bracha*

On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote: > The general answere here is try and see, as you could totally test it > on your own. The certificate is read at startup and put in memory for > the rest of the execution time. Dovecot won't monitor the file for > changes on disk, as this would waste CPU cycles and make dovecot only > slower for no reason. The process

I'm handling mail for several domains, let's call them a.com, b.com, and c.com. I have certificates for each of these domains individually via certbot (letsencrypt) and nginx is happy with all of that. Since I initially configured the site to handle mail only for a.com, my /etc/postfix/main.cf file currently has these two lines: smtpd_tls_cert_file =

Leo, >> I would like to obtain an ssl certificate, so I can run my own imap server on a machine in my office. >> I am assuming I'll need to pay a CA to generate what I need, but >> I'm confused about what I need. I am running dovecot at teh moment, >> but my clients (iphone, windows laptops) say my ssl connection is >> not trusted. The phone just won't

Install letsencrypt and request a certificate specifying the webroot of your Icecast server and the host.domain: certbot-auto certonly --webroot --webroot-path /usr/share/icecast2/web/ -d icecast.domain.name Now you should have a certificate for your server, it's only in the wrong format for Icecast, copy the key and the certificate to 1 file with the following cmd: cat

On Mon, Apr 02, 2018 at 02:34:34PM +0200, Gedalya wrote: > On 04/02/2018 02:25 PM, Jeff Abrahamson wrote: > > I see that the file > > > > .well-known/acme-challenge/IT7-YURAep4bniD9zYpKpdRUBQcgCRJ6FflmZzWQGNg > > > > is being created (and one other file, too) but that nginx reports that > > the _directory_ > > > >

That’s what I have been looking for, thanks ! From: Icecast [mailto:icecast-bounces at xiph.org] On Behalf Of Tycho Eggen Sent: donderdag 6 september 2018 22:21 To: Icecast streaming server user discussions Subject: Re: [Icecast] icecast ssl and letsencrypt renewal You can add a posthook to your certbot cronjob: certbot renew —post-hook “/etc/init.d/icecast restart” Or however you restart

Hi All - I am running CentOS 7.5 and trying to use certbot. I am getting an error 403 forbidden on the /.well-known/acme-challenge/-CG_gSckofY5ln7TdMvoanDI1_FBRh8otQkyB0hxmoo Some searching indicated permission problems... I also noticed that the /var/www/html directory does not even have the .well-known directory in it. The /var/www/html directory was root:root I changed it to root:apache

Hello fellow CentOS users, I had this cronjob working for many moons on CentOS 7.8.2003: #minute hour mday month wday command 6 6 * * 1 certbot renew --post-hook "cat /etc/letsencrypt/live/raspasy.de/fullchain.pem /etc/letsencrypt/live/ raspasy.de/privkey.pem > /etc/letsencrypt/live/raspasy.de/haproxy.pem; systemctl resstart

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

Hi all, I have setup icecast to work with letsencrypt ssl certificate, this works fine. But now I am struggling a bit on how to renew the certificate every 3 months. As per letsencrypt recommendation I run a cronjob to check for renewal every day, problem is when there is a new certificate Icecast needs to be restarted to pick it up, as the certificate only seems to be loaded at startup of

Hello, Thanks. Is there another way of doing this? I've got a web server running on 80 and 443. Are there any other options? Thanks. Dave. On 3/3/17, Michael Neurohr <mine at michi.su> wrote: > On 2017-03-03 19:07, David Mehler wrote: >> Hello, >> >> I know some users here are using letsencrypt for their CA. If this is >> to off topic write me privately.

Hi, I get my Email from my own SMTP server on the internet using "fetchmail". Some time ago I did the smart thing and configured dovecot to use SSL and the letsencrypt certificate that automatically renews. Welllll..... a few days ago my certificate expired and the fetchmail deamon running in the background had nowhere to complain. So I didn't notice. It turns out that dovecot

I am postponing the Apache plugin issue (CentOS is not Certbot friendly) and requesting a standalone, generic certificate. After the command "1: Spin up a temporary webserver" I have the following 2 files in the folder /etc/letsencrypt: -rw-r--r-- 1 root root? 924 Nov 12 11:14 csr/0000_csr-certbot.pem -rw------- 1 root root 1708 Nov 12 11:14 keys/0000_key-certbot.pem The

Hi there. I've been using Dovecot for quite some time now but I just started using Let's Encrypt certs. Since LE certs are renewed automatically without user intervention I'm wondering if I will need to restart dovecot after that renewal... Has anybody had any experience with that? Thanks so much for your help! Ignacio -------------- next part -------------- An HTML attachment was

Kenneth Porter <shiva at sewingwitch.com> writes: > Thanks. Some digging indicates that this is equivalent to doveadm reload. > Both paths ultimately send a SIGHUP to the server which initiates a full > reload of the configuration. > > I'll be combining this with a restart of sendmail. Alas, I don't see a way > to get it to reload its configuration. Should be the