Letsencrypt certificates are fine for email servers, I've been using
them for several years.
I initially had this same problem.
Spamassassin/qmail starts a new instance with each new SMTP connection,
so when a new cert is saved it starts getting used on the next SMTP
connection.
However, dovecot is a long running daemon and therefore does not work
like that. The script which renews the letsencrypt cert must afterwards
restart dovecot so that the daemon will load the new cert. That is why
your email clients are complaining.
You can confirm this by using openssl s_client to connect to SMTP and
then to pop/imap, and you will likely see that spamassassin/qmail is
using your new certificate while dovecot is using the old.
-Andy
On 4/29/2020 1:59 AM, Peter Peterse wrote:
Hi,
Are the dovecot and qmail services restarted?
Regarts,
Peter
Solo <[email protected]> schreef op 29 april 2020 11:42:10 CEST:
Hi.
I think Letsencrypt are for websites/servers and not for the specifik
email which require another type of certificate than Letsencrypt issues
- usually that is set up when qmail is installed (openssl) and placed
/var/qmail/....
/Finn vB
Den 29-04-2020 kl. 10:52 skrev ChandranManikandan:
Hi Remo,
FYI
ssl_cert = </etc/letsencrypt/live/panasiagroup.net/fullchain.pem
<http://panasiagroup.net/fullchain.pem>
ssl_key = </etc/letsencrypt/live/panasiagroup.net/privkey.pem
<http://panasiagroup.net/privkey.pem>
# the following will likely be the default at some point
ssl_dh_parameters_length = 2048
On Wed, Apr 29, 2020 at 11:48 AM Remo Mattei <[email protected]
<mailto:[email protected]>> wrote:
You need to check the /etc/dovecot/toaster.conf file that’s where
the cert for outlook and thunder lives.
Remo
On Apr 28, 2020, at 20:38, ChandranManikandan <[email protected]
<mailto:[email protected]>> wrote:
Hi Friends,
certbot renew command showing below message
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
- - - - - - -
Processing /etc/letsencrypt/renewal/xxx.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
- - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - -
- - - - - - -
The following certs are not due for renewal yet:
/etc/letsencrypt/live/xxx.com/fullchain.pem
<http://xxx.com/fullchain.pem> expires on 2020-06-27 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - -
But outlook, thunderbird showing the certificate issue and
certificate expire date is showing 28-Apr-2020 in thunderbird,
I have checked in website in the same certificate expiry date is
showing 27-06-2020.
Do i anything done mistake.
How do i check and fix the above issue.
Could anyone help me.
Appreciate your help.
Note: Centos 7 with qmailtoaster
--
*/Regards,
Manikandan.C
/*
--
*/Regards,
Manikandan.C
/*
------------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
--
Verstuurd vanaf mijn Android apparaat met K-9 Mail. Excuseer mijn
beknoptheid.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
