Re: Feature request.
On Fri, Oct 09, 2020 at 07:55:53AM -0400, David Morsberger wrote:
> To configure a renew hook, add the following to the configuration file:
>
>     renew-hook = /root/bin/certbot-renew
>
> Next, create the renew hook script at /root/bin/certbot-renew with the
> following contents:
>
>     #!/bin/sh
>     systemctl reload postfix
>     systemctl reload dovecot

My suggestion is that you make a /etc/certbot/reload-hooks/ directory
and then use

    run-parts /etc/certbot/reload-hooks/

as the hook and put

    #!/bin/sh
    systemctl reload postfix

    #!/bin/sh
    systemctl reload dovecot

as separate scripts in there.

Now, postfix can come with its own /etc/certbot/reload-hooks/010-postfix
and similar for dovecot. And certbot can start shipping with an empty
directory and that run-parts preconfigured!

Now all that's left is to submit this to the various maintainers so
that we don't have to do this manually every time a reinstall happens.

    Roger.

--
** r.e.wo...@bitwizard.nl ** https://www.BitWizard.nl/ ** +31-15-2049110 **
**Delftechpark 11 2628 XJ Delft, The Netherlands. KVK: 27239233**
f equals m times a. When your f is steady, and your m is going down
your a is going up. -- Chris Hadfield about flying up the space shuttle.
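The hook directory suggested in the message above, as an added example that is not part of the thread: a plain sh loop standing in for run-parts, which also refuses hooks that another account could have modified, since the renew hook runs as root. The function name run_hooks and the two safety checks are assumptions of this example, not something certbot, postfix or dovecot ship.

```sh
#!/bin/sh
# Added example (not from the thread): a plain sh stand-in for
# "run-parts /etc/certbot/reload-hooks/" with two extra safety checks.

# run_hooks DIR
#   Runs each eligible hook in DIR in lexical order and keeps going after a
#   failure, so a broken postfix hook cannot stop the dovecot reload.
#   Returns 0 if every hook succeeded, 1 if any hook failed or was refused,
#   2 if DIR does not exist.
run_hooks() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "reload-hooks: no such directory: $dir" >&2
        return 2
    fi
    for hook in "$dir"/*; do
        # An empty directory leaves the glob unexpanded; -f filters that out.
        [ -f "$hook" ] && [ -x "$hook" ] || continue
        # Debian run-parts' default naming rule: letters, digits, "_" and "-"
        # only, which skips editor backups and leftovers such as *.dpkg-old.
        case ${hook##*/} in
            *[!A-Za-z0-9_-]*) continue ;;
        esac
        # The renew hook runs as root, so refuse anything that another
        # account could have modified: group/world-writable files and files
        # not owned by the invoking user.
        unsafe=$(find "$hook" \( -perm -020 -o -perm -002 \
                                 -o ! -user "$(id -u)" \) 2>/dev/null)
        if [ -n "$unsafe" ]; then
            echo "reload-hooks: refusing unsafe hook: $hook" >&2
            rc=1
            continue
        fi
        if "$hook"; then
            echo "reload-hooks: ok: $hook"
        else
            echo "reload-hooks: FAILED (exit $?): $hook" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Stand-alone use: reload-hooks.sh /etc/certbot/reload-hooks
[ $# -eq 0 ] || run_hooks "$1"
```

A non-zero exit from this script tells you that some service may still be holding the old certificate in memory, which is the condition described in the original feature request.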
Re: Feature request.
On Fri, Oct 09, 2020 at 11:21:09AM +0300, Aki Tuomi wrote:
>
> > On 09/10/2020 11:16 Rogier Wolff wrote:
> > So Feature request: check the expiry date on the SSL certificate
> > as it is being loaded and check for a new certificate if it HAS
> > expired.
>
> That is indeed old version, but no, there is no automatic
> certificate reloading in Dovecot yet. This has been suggested
> before, and we have it in our internal issue tracker, but
> unfortunately I can't promise any date when it will be done.

Ok. I'm glad it is noted somewhere and that hopefully someday someone
will get to it.

Once a problem is known the solution is often easy. So for example I
spent time figuring out why dovecot was rejecting the fetchmail SSL
certificate, while in fact it was the other way around.

When my certificate next expires I'll probably NOT find out that my
fix works or not. It'll go smoothly and I'll have forgotten about it.
So no "date" on it is not a problem for me. I'm happy if my report
helps put something on the radar and makes things better over time.

On Friday: Marc Roos wrote:
> Does a dovecot reload not do that?

You mean a reload as opposed to a restart? Maybe. So a restart might
be more expensive, but my server is way overpowered and can handle the
restart.

    Roger.
Feature request.
Hi,

I get my Email from my own SMTP server on the internet using
"fetchmail". Some time ago I did the smart thing and configured
dovecot to use SSL and the letsencrypt certificate that automatically
renews.

Well, a few days ago my certificate expired and the fetchmail daemon
running in the background had nowhere to complain. So I didn't notice.

It turns out that dovecot had been running uninterrupted since August
13th, the certificate was renewed on September 7th and I suspect it
expired on October 7th.

So Feature request: check the expiry date on the SSL certificate as it
is being loaded and check for a new certificate if it HAS expired.

If you worry about performance, this could be done where:

    TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL alert number 45

is reported. That would mean that ONE client will once get the error
before dovecot fixes it.

My personal fix is to restart dovecot once a week from now on.

I might be running an older version:

    # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.21 (92477967)
    # OS: Linux 4.15.0-34-generic x86_64 Ubuntu 18.04.5 LTS

If it has already been fixed, please accept my apologies.

    Roger.