On Thu, Mar 14, 2019, at 11:33 AM, Yassine Chaouche via dovecot wrote: > On 3/14/19 9:32 AM, Yassine Chaouche via dovecot wrote: > > The general answere here is try and see, as you could totally test it > > on your own. The certificate is read at startup and put in memory for > > the rest of the execution time. Dovecot won't monitor the file for > > changes on disk, as this would waste CPU cycles and make dovecot only > > slower for no reason. The process (or person) that changes the file is > > responsible to restart dovecot to reload the new certificate in memory. > > > > Yassine. > > I should mention that this is also true for Apache and postfix. > > Yassine.
Certbot has a feature to run scripts when renewing / deploying certificates. https://certbot.eff.org/docs/using.html#renewing-certificates Certbot also looks for these scripts under /etc/letsencrypt/renewal-hooks/pre post deploy FWIW here is my script restart.sh located in /etc/letsencrypt/renewal-hooks/deploy ------------- #!/bin/sh systemctl restart nginx postfix dovecot echo "Certbot renewal\n\n$RENEWED_LINEAGE\n\n$RENEWED_DOMAINS" | mail -s "Certbot renewal" f...@bar.com ------------- -- K
