[BlueOnyx:26010] Re: service restart after letsencrypt renewal

Michael Stauber mstauber at blueonyx.it
Thu Mar 2 20:51:01 -05 2023


Hi Christoph,

> Just had 5210R that renewed properly its letsencrypt cert on 26. Feb. 
> Today I found that dovecot was still using the old cert and that expired 
> today. A restart of dovecot solved that quickly. Though everything else 
> (sendmail, adm-srv, apache) was already using the new cert.
> 
> In /var/log/letsencrypt/letsencrypt.log I saw that the script 
> /usr/sausalito/sbin/reload_webservers.pl gets called after successful 
> renewal, but that one seems to only restart the web- and adm-server to 
> use the renewed certificate.
> 
> On the other hand, I never saw this problem before and I am using quite 
> a few LE certs with dovecot on BlueOnyx so I was wondering if something 
> else triggers a reload of dovecot upon renewal and that failed here or I 
> was just lucky until now because something else (like changes in the 
> GUI) always triggered a reload/restart of dovecot before the old cert 
> could expire.


I've also noticed some inconsistencies there and did some more digging. 
When Vsite certs are installed or renewed, both Sendmail/Postfix 
(whatever is enabled) are restarted and also Dovecot is restarted as 
well. So that part seems to work.

BUT: When the server certificate (also used for AdmServ) is 
installed/renewed, then that is where we have issues. The MTA is apparently 
restarted, but Dovecot isn't.

I'll try to find some time over the weekend to fix this for 
5209R/5210R/5211R.

Many thanks for bringing this to my attention!

-- 
With best regards

Michael Stauber
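
A check for the condition discussed in this thread, as an added example that is not part of the original message or of BlueOnyx: it compares the fingerprint of the certificate file on disk with the certificate each TLS listener is actually serving, so a service that was not restarted after renewal shows up as "stale". The certificate path and hostname are supplied by the admin, the ports are the standard implicit-TLS defaults (an assumption, not BlueOnyx configuration), and all function names are made up for this example.

```python
import hashlib
import socket
import ssl
import sys

HEAD, FOOT = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
# Constructed stand-ins for an old and a renewed cert (not real X.509 data).
SAMPLE_OLD_PEM = f"{HEAD}\nb2xkLWNlcnQ=\n{FOOT}\n"
SAMPLE_NEW_PEM = f"{HEAD}\nbmV3LWNlcnQ=\n{FOOT}\n"

def pem_fingerprint(pem):
    """SHA-256 of the first (leaf) certificate in a PEM file or fullchain."""
    start = pem.index(HEAD)
    end = pem.index(FOOT, start) + len(FOOT)
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem[start:end])).hexdigest()

def served_fingerprint(host, port, timeout=5.0):
    """SHA-256 of the cert a listener presents on an implicit-TLS port."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # fetch the cert even if already expired
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def check_services(disk_pem, endpoints, fetch=served_fingerprint):
    """Map each service to 'ok', 'stale' (old cert still loaded) or an error."""
    expected = pem_fingerprint(disk_pem)
    report = {}
    for name, (host, port) in endpoints.items():
        try:
            report[name] = "ok" if fetch(host, port) == expected else "stale"
        except OSError as exc:  # includes ssl.SSLError and refused connections
            report[name] = f"error: {exc}"
    return report

if __name__ == "__main__":
    # usage: check_cert.py <cert.pem> <hostname>; ports are standard defaults
    cert_path, host = sys.argv[1], sys.argv[2]
    with open(cert_path) as fh:
        report = check_services(fh.read(), {
            "apache": (host, 443),
            "dovecot-imaps": (host, 993),
            "dovecot-pop3s": (host, 995),
        })
    for name, status in report.items():
        print(f"{name}: {status}")
    sys.exit(0 if all(s == "ok" for s in report.values()) else 1)
```

Run from cron after the renewal window, a non-zero exit flags a listener still holding the old certificate before it expires. STARTTLS-only ports (such as SMTP on 25) are not covered by this sketch.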