Ensure that postfix and dovecot use a valid certificate after renewal #205

Closed
vavanade opened this issue Mar 28, 2022 · 0 comments

Problem

If the servers run for a longer time, they keep running with the older certificates loaded, so messages from them keep falling into spam, mail clients don't trust them, etc.

Solution

Add this to /etc/letsencrypt/cli.ini (create the file if it does not exist):

```ini
deploy-hook = service postfix reload && service dovecot reload
pre-hook = service nginx start
post-hook = service nginx stop
```

Add the last 2 lines only if the mailserver is dedicated (no webserver runs on it normally). It starts the nginx server only for the renewal process and stops it afterwards.

This can be further optimized if you have many certificates on the server (these hooks run for all certs).

deploy-hook runs after a successful renewal.

@vavanade vavanade changed the title Ensure that postfix and dovecot use a valid certificate Ensure that postfix and dovecot use a valid certificate after renewal Mar 28, 2022
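
A check that complements the reload hook, added here as an example and not part of the original issue: it compares the SHA-256 fingerprint of the certificate on disk with what Postfix and Dovecot actually present, which catches a daemon still holding the old certificate. It assumes both services listen on localhost (SMTP with STARTTLS on port 25, IMAPS on port 993) and use the same certbot lineage directory; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Report mail daemons that still serve a certificate older than the one on disk."""
import hashlib, os, smtplib, socket, ssl, sys

def pem_fingerprint(pem_text):
    """SHA-256 hex digest of the first certificate in a PEM string."""
    head, foot = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
    start = pem_text.index(head)
    end = pem_text.index(foot, start) + len(foot)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_text[start:end])).hexdigest()

def _unverified_context():
    # Only fingerprints are compared here, so an expired or untrusted
    # certificate must still be retrievable instead of aborting the handshake.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def served_smtp(host="localhost", port=25):
    """Fingerprint of the leaf certificate Postfix presents after STARTTLS."""
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=_unverified_context())
        return hashlib.sha256(smtp.sock.getpeercert(binary_form=True)).hexdigest()

def served_tls(host="localhost", port=993):
    """Fingerprint of the leaf certificate Dovecot presents on implicit-TLS IMAPS."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with _unverified_context().wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def stale_services(disk_fp, served):
    """Names of services whose served fingerprint differs from the one on disk."""
    return sorted(name for name, fp in served.items() if fp != disk_fp)

if __name__ == "__main__":
    # certbot exports RENEWED_LINEAGE to deploy hooks; otherwise pass the
    # lineage directory (the one containing cert.pem) as the first argument.
    lineage = os.environ.get("RENEWED_LINEAGE") or sys.argv[1]
    with open(os.path.join(lineage, "cert.pem")) as fh:
        disk = pem_fingerprint(fh.read())
    stale = stale_services(disk, {"postfix": served_smtp(), "dovecot": served_tls()})
    if stale:
        sys.exit("still serving an old certificate: " + ", ".join(stale))
    print("postfix and dovecot serve the certificate on disk")
```

Run it after the reload, or from cron, so a non-zero exit status flags a daemon that did not pick up the renewed certificate.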