I'm using acme.sh to get my Let's Encrypt certificates. The install command is:
acme.sh --installcert -d imap.example.com \
--keypath /etc/pki/dovecot/private/imap.example.com.pem \
--certpath /etc/pki/dovecot/certs/imap.example.com.crt \
--fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \
--reloadcmd "systemctl reload dovecot.service"
Notice the --reloadcmd.
Bill
On 12/26/2017 6:16 PM, Aki Tuomi wrote:
On December 26, 2017 at 11:42 PM Kenneth Porter <[email protected]> wrote:
I'm setting up certbot/letsencrypt to provide a certificate for dovecot and
sendmail. Is it necessary to restart dovecot to load the new certificate,
as shown in most examples I find in blogs? That seems rude to established
connections. When does dovecot read the cert and key files? Once at startup
or each time a connection requests SSL? Is there a preferred locking
protocol when changing the two files to keep dovecot from reading one while
the other is being replaced and getting a mismatched pair?
doveadm reload should be enough.
Aki
