Re: unexpected: postfix tls deploy-server-cert + smtpd_tls_chain_files

2022-03-31 Thread raf
On Fri, Apr 01, 2022 at 12:48:57AM +1000, Nikolai Lusan wrote:
> Hey,
>
> On Wed, 2022-03-30 at 17:35 +1100, raf wrote:
> >
> > Postfix picks up new certificates soon enough
> > (controlled by the max_idle and max_use parameters).
> >
> > Did you have smtpd_tls_chain_files set to an old
> > k

Re: unexpected: postfix tls deploy-server-cert + smtpd_tls_chain_files

2022-03-31 Thread Viktor Dukhovni
> On 31 Mar 2022, at 10:48 am, Nikolai Lusan wrote:
>
> The process I use to update my certificates uses rsync to overwrite the
> old certs/keys with the new ones. My thought process initially was that
> restarting postfix would have it pick up the new files - eventually by
> inspecting the relev

Re: unexpected: postfix tls deploy-server-cert + smtpd_tls_chain_files

2022-03-31 Thread Nikolai Lusan
Hey,

On Wed, 2022-03-30 at 17:35 +1100, raf wrote:
>
> Postfix picks up new certificates soon enough
> (controlled by the max_idle and max_use parameters).
>
> Did you have smtpd_tls_chain_files set to an old
> key/cert, as well as smtpd_tls_cert_

Re: unexpected: postfix tls deploy-server-cert + smtpd_tls_chain_files

2022-03-29 Thread raf
On Tue, Mar 29, 2022 at 10:20:09PM +1000, Nikolai Lusan wrote:
> Hi,
>
> Just going to say I banged my head against this wall for months on end -
> every time I updated certificates (using letsencrypt it's pretty
> frequent) postfix showed the new certs as active - but external tests
> still sh

Re: unexpected: postfix tls deploy-server-cert + smtpd_tls_chain_files

2022-03-29 Thread Nikolai Lusan
Hi,

Just going to say I banged my head against this wall for months on end - every time I updated certificates (using letsencrypt it's pretty frequent) postfix showed the new certs as active - but external tests still showed certs from over a year a

Re: unexpected: postfix tls deploy-server-cert + smtpd_tls_chain_files

2022-03-28 Thread raf
On Mon, Mar 28, 2022 at 12:27:18AM -0400, Viktor Dukhovni wrote:
> On Mon, Mar 28, 2022 at 03:23:55PM +1100, raf wrote:
>
> > I just tried this (debian-11, postfix-3.5.6)
> > and was surprised by the effect:
> >
> >   postfix tls new-server-key
> >   postfix tls deploy-server-cert /etc/postfix

Re: unexpected: postfix tls deploy-server-cert + smtpd_tls_chain_files

2022-03-27 Thread Viktor Dukhovni
On Mon, Mar 28, 2022 at 03:23:55PM +1100, raf wrote:
> I just tried this (debian-11, postfix-3.5.6)
> and was surprised by the effect:
>
>   postfix tls new-server-key
>   postfix tls deploy-server-cert /etc/postfix/cert-20220328-033631.pem
>     /etc/postfix/key-20220328-033631.pem
>
> The main.cf

unexpected: postfix tls deploy-server-cert + smtpd_tls_chain_files

2022-03-27 Thread raf
Hi,

I just tried this (debian-11, postfix-3.5.6) and was surprised by the effect:

  postfix tls new-server-key
  postfix tls deploy-server-cert /etc/postfix/cert-20220328-033631.pem /etc/postfix/key-20220328-033631.pem

The main.cf file originally contained:

  smtpd_tls_chain_files = /etc/p