You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the servers run for a longer time, they keep running with the older certificates loaded so messages from them keep falling to spam, mail clients don't trust them etc.
Solution
add this to /etc/letsencrypt/cli.ini (create the file if it does not exist):
deploy-hook = service postfix reload && service dovecot reload
pre-hook = service nginx start
post-hook = service nginx stop
Add the last 2 lines only if the mailserver is dedicated (no webserver runs on it normally). It starts the nginx server only for the renewal process and stops it afterwards.
This can be further optimized if you have many certificates on the server (these hooks run for all certs).
deploy-hook runs after a successful renewal.
The text was updated successfully, but these errors were encountered:
vavanade
changed the title
Ensure that postfix and dovecot use a valid certificate
Ensure that postfix and dovecot use a valid certificate after renewal
Mar 28, 2022
Problem
If the servers run for a longer time, they keep running with the older certificates loaded so messages from them keep falling to spam, mail clients don't trust them etc.
Solution
add this to
/etc/letsencrypt/cli.ini
(create the file if it does not exist):Add the last 2 lines only if the mailserver is dedicated (no webserver runs on it normally). It starts the nginx server only for the renewal process and stops it afterwards.
This can be further optimized if you have many certificates on the server (these hooks run for all certs).
deploy-hook
runs after a successful renewal.The text was updated successfully, but these errors were encountered: