Re: Renewing certificates
Kenneth Porter writes:

> Thanks. Some digging indicates that this is equivalent to doveadm reload.
> Both paths ultimately send a SIGHUP to the server which initiates a full
> reload of the configuration.
>
> I'll be combining this with a restart of sendmail. Alas, I don't see a way
> to get it to reload its configuration.

Should be the same way: send a SIGHUP signal to the parent process.

http://etutorials.org/Server+Administration/Sendmail/Part+II+Administration/Chapter+14.+Signals+Transactions+and+Syslog/SIGHUP/

I'm not sure whether this will cause the sendmail worker processes to dump their clients, but if it did, SMTP is fault tolerant enough that delivery should be retried later.

Joseph Tam
Re: Renewing certificates
--On Wednesday, December 27, 2017 9:24 AM -0500 Bill Shirley wrote:

> --reloadcmd "systemctl reload dovecot.service"
>
> Notice the --reloadcmd.

Thanks. Some digging indicates that this is equivalent to doveadm reload. Both paths ultimately send a SIGHUP to the server which initiates a full reload of the configuration.

I'll be combining this with a restart of sendmail. Alas, I don't see a way to get it to reload its configuration.
Re: Renewing certificates
I'm using acme.sh to get my Let's Encrypt certificates. The install command is:

    acme.sh --installcert -d imap.example.com \
        --keypath /etc/pki/dovecot/private/imap.example.com.pem \
        --certpath /etc/pki/dovecot/certs/imap.example.com.crt \
        --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \
        --reloadcmd "systemctl reload dovecot.service"

Notice the --reloadcmd.

Bill

On 12/26/2017 6:16 PM, Aki Tuomi wrote:

> On December 26, 2017 at 11:42 PM Kenneth Porter wrote:
>
> > I'm setting up certbot/letsencrypt to provide a certificate for dovecot and
> > sendmail. Is it necessary to restart dovecot to load the new certificate,
> > as shown in most examples I find in blogs? That seems rude to established
> > connections. When does dovecot read the cert and key files? Once at startup
> > or each time a connection requests SSL? Is there a preferred locking
> > protocol when changing the two files to keep dovecot from reading one while
> > the other is being replaced and getting a mismatched pair?
>
> doveadm reload should be enough.
>
> Aki
Re: Renewing certificates
> On December 26, 2017 at 11:42 PM Kenneth Porter wrote:
>
> I'm setting up certbot/letsencrypt to provide a certificate for dovecot and
> sendmail. Is it necessary to restart dovecot to load the new certificate,
> as shown in most examples I find in blogs? That seems rude to established
> connections. When does dovecot read the cert and key files? Once at startup
> or each time a connection requests SSL? Is there a preferred locking
> protocol when changing the two files to keep dovecot from reading one while
> the other is being replaced and getting a mismatched pair?

doveadm reload should be enough.

Aki
Renewing certificates
I'm setting up certbot/letsencrypt to provide a certificate for dovecot and sendmail. Is it necessary to restart dovecot to load the new certificate, as shown in most examples I find in blogs? That seems rude to established connections. When does dovecot read the cert and key files? Once at startup or each time a connection requests SSL? Is there a preferred locking protocol when changing the two files to keep dovecot from reading one while the other is being replaced and getting a mismatched pair?
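
The following is an added example, not code posted by anyone in this thread: a certbot deploy hook that checks the renewed certificate and key belong together, publishes both with a single rename, then uses the `doveadm reload` and sendmail SIGHUP suggested in the replies. The `/etc/pki/dovecot/live` symlink layout, the sendmail pid file path, the function names and GNU `mv -T` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes dovecot's ssl_cert and ssl_key
# point at $BASE/live/fullchain.pem and $BASE/live/privkey.pem, and GNU mv.
BASE=${BASE:-/etc/pki/dovecot}
SENDMAIL_PID=${SENDMAIL_PID:-/var/run/sendmail.pid}   # assumed location

# Succeeds only if the leaf certificate and the private key share a public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Copy both files into a fresh directory, then repoint the "live" symlink with
# one rename(2). Neither published file is ever half-written, and the switch
# is a single step instead of two separate file replacements.
install_pair() {
    cert=$1; key=$2; base=$3
    mkdir -p "$base" || return 1
    new=$(mktemp -d "$base/pair.XXXXXX") || return 1
    ( umask 077
      cp "$cert" "$new/fullchain.pem" &&
      cp "$key" "$new/privkey.pem" ) || return 1
    ln -s "$(basename "$new")" "$base/live.new.$$" || return 1
    mv -T "$base/live.new.$$" "$base/live"
}

deploy() {
    if ! pair_matches "$1" "$2"; then
        echo "certificate and key do not match, not deploying" >&2
        return 1
    fi
    install_pair "$1" "$2" "$BASE" || return 1
    doveadm reload
    # SIGHUP goes to the sendmail parent; its pid is the pid file's first line.
    if [ -r "$SENDMAIL_PID" ]; then
        kill -HUP "$(head -n 1 "$SENDMAIL_PID")"
    fi
}

# Certbot sets RENEWED_LINEAGE when it runs a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy "$RENEWED_LINEAGE/fullchain.pem" "$RENEWED_LINEAGE/privkey.pem"
fi
```

The previous `pair.*` directory is left in place, so rolling back is a matter of repointing `live` and reloading again.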