Only because others are talking security and LetEncrypt… I put together a script that I run AFTER certbot renew checks are run. Figured I would include it here for the Qmail community to use:
[root@mail7 ~]# more copy_letsencrypt_files.sh #!/bin/bash # # Script to copy lets encrypt files to the right area and restart the needed services. # # Initial concept by RCC 06/08.2018 # # Test if the letsencrypt live cert.pem file was changed in the last 24 hours... # if test `find "/etc/letsencrypt/live/secure.carlc.com/cert.pem" -mmin +1440` then echo "Cert file is older than 1440 test minutes (24 hours)... STOP!" exit fi echo "Get to work, New cert file is younger than 1440 minutes (24 hours)..." # # # Dovecot just needs a restart as they are using the /etc/letsencrypt/live files already # /usr/sbin/service dovecot restart # # Qmail SMTP-SSL # # Create a new /var/qmail/control/servercert.pem-NEW # # NOTE: order is critical, start with private key, then URL cert, then any intermediate files. # cat /etc/letsencrypt/live/secure.carlc.com/privkey.pem > /var/qmail/control/servercert.pem-NEW cat /etc/letsencrypt/live/secure.carlc.com/cert.pem >> /var/qmail/control/servercert.pem-NEW cat /etc/letsencrypt/live/secure.carlc.com/chain.pem >> /var/qmail/control/servercert.pem-NEW # # Swap out files, move current to OLD then NEW to current # mv /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem-OLD mv /var/qmail/control/servercert.pem-NEW /var/qmail/control/servercert.pem chmod 644 /var/qmail/control/servercert.pem chown root.vchkpw /var/qmail/control/servercert.pem # # Need to restart QMAIL # /etc/rc.d/init.d/qmail restart # # Webmin (thank you QMAIL, we can use the new PEM file as it's the same format) # /usr/sbin/service webmin stop cat /var/qmail/control/servercert.pem > /etc/webmin/miniserv.pem /usr/sbin/service webmin start # # # Obviously, make changes where you need to :) … I’ve had this on a few production QMail CentOS 7 servers [with secure.carlc.com changed to the servers main FQDN]. If this helps anyone, I’m happy. Carl