Re: [qmailtoaster] iPhone updates / new ssl breaks connection

Wed, 27 Apr 2022 13:18:35 -0700

I run updcert.sh every night (set 'days=X', which is the number of days before expiration at which time the certificate will be updated): 

cat updcert.sh <<EOL

#!/bin/bash

mailcert () {
   cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem > ./servercert.pem    cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak 
   cp ./servercert.pem  /var/qmail/control/servercert.pem
   systemctl reload dovecot
   qmailctl stop && sleep 2 && qmailctl start
}

LOG=/var/log/certs.log
days=3

today=`date`
today=`date --date="$today" --utc +%s`
certdir=/etc/letsencrypt/live
certfile=fullchain.pem

for certdom in `ls $certdir`
do
   exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep notAfter | sed 's/notAfter=//'` 
   off=`date --date="$exp" --utc +%s`
   diff=$(( (off - today)/86400 ))
   echo "Certificate Domain: $certdom, Days to expire: $diff"
   echo ""
   if [ $diff -le $days ]
   then
      certbot renew --cert-name $certdom
      systemctl reload httpd
      [ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
   fi
done

exit 0

EOL

On 4/27/2022 1:07 PM, Remo Mattei wrote:

Hi David, can you share your config maybe I ping you offlinee.

Remo


On Apr 26, 2022, at 23:55, David Bray <da...@brayworth.com> wrote:

I'm using Letsencrypt and it renews every - well not sure, is it 10/11 weeks - 
the certs are valid for 3 months

It never has an issue with iOS

Cheers

David Bray
e. da...@brayworth.com

April 27, 2022 1:47 AM, "Remo Mattei" <r...@mattei.org> wrote:


Hello guys,
I got a few of my customers that every year after the upgrade of the SSL cert 
do have issues and
shows cert expired or not valid. I did not have the issue on my iOS, but I just 
wonder if anyone
has seen that and how they planned to overcome to this issue.

Thanks,
Remo
---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Reply via email to