"writing a script to check the certs" - there is no need to write any scripts. As one mentioned, it's done by a hook to certbot. Please read the manuals for LE or certbot. The issue you have is quite common and of course certbot designed to do it for you. The manual: https://certbot.eff.org/docs/using.html#renewing-certificates. Thats it. Problem solved.

2017-09-09 0:18 GMT+05:00 @lbutlr <krem...@kreme.com>:

> On 08 Sep 2017, at 12:21, Ralph Seichter <m16+dove...@monksofcool.net> wrote:
>> On 08.09.2017 19:51, @lbutlr wrote:
>>> How I would do it is IF the certificate is expired, the dovecot should
>>> check if there is a new cert and if so, load it.
>
>> New cert as in file modification date or checksum changed?
>
> Either one, but checksum is going to be more reliable.
>
>> Might work. Still, from what I seem to remember, Dovecot loads certificate
>> data before dropping privileges, which is why reloading the data might be
>> problematic without some changes.
>
> Can't dovecot reload itself? That could be a problem if not.
>
>> Not worth spending development effort on, IMO, given that Dovecot can easily
>> be restarted by the external processes that update the cert (like Certbot
>> hook, Ansible, etc.).
>
> All I'm saying is that it's a failure event that doesn't need to occur.
>
> --
> Apple broke AppleScripting signatures in Mail.app, so no random signatures.
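
The approach discussed in this thread (an external certbot hook that reloads Dovecot, using a checksum rather than the modification date to decide whether the certificate changed), as an added example that is not part of the original messages or of either project's code. `STATE_DIR`, `RELOAD_CMD` and the function names are assumptions of this example; `RENEWED_LINEAGE` is the variable certbot exports to a `--deploy-hook` command, and `doveadm reload` is Dovecot's own reload command.

```shell
#!/bin/sh
# Added example: certbot deploy hook that reloads Dovecot only when the
# certificate checksum differs from the one recorded at the last reload.
# STATE_DIR and RELOAD_CMD are hypothetical knobs of this script.
STATE_DIR="${STATE_DIR:-/var/lib/dovecot-cert-hook}"
RELOAD_CMD="${RELOAD_CMD:-doveadm reload}"

# Print the SHA-256 digest of a file.
cert_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Return 0 if the cert differs from the recorded digest (or none is recorded),
# 1 if it is unchanged, 2 if the cert file is missing or empty.
cert_changed() {
    cert="$1"; state="$2"
    [ -s "$cert" ] || return 2
    new=$(cert_digest "$cert") || return 2
    old=""
    if [ -f "$state" ]; then old=$(cat "$state"); fi
    [ "$new" != "$old" ]
}

# Reload the service, and record the digest only after the reload succeeded,
# so a failed reload is retried on the next run.
reload_if_changed() {
    cert="$1"; state="$2"
    rc=0
    cert_changed "$cert" "$state" || rc=$?
    case $rc in
        0) ;;
        1) echo "unchanged"; return 0 ;;
        *) echo "missing"; return 2 ;;
    esac
    $RELOAD_CMD || { echo "reload-failed"; return 1; }
    cert_digest "$cert" > "$state"
    echo "reloaded"
}

# Run only when invoked by certbot as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    mkdir -p "$STATE_DIR"
    reload_if_changed "$RENEWED_LINEAGE/fullchain.pem" "$STATE_DIR/last.sha256"
fi
```
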