On 9/11/2017 5:21 AM, Dominic Raferd wrote: > > > On 11 September 2017 at 11:59, Gary <li...@lazygranch.com > <mailto:li...@lazygranch.com>> wrote: > > As you know, letsencrypt certs can be automatically updated. > However, you need to reload/restart Postfix/Dovecot to use the new > cert. My email client insisted I had an expired cert. I couldn't > download or send email. (Fortunately I'm on a test domain, getting > ready for the Oct 1st Google insistence on encryption.) > > Letsencrypt suggests running acme on a daily basis, so just do the > same for Postfix and Dovecot. > > > Does anyone know a way to detect if the certificate currently being > used by Postfix and/or Dovecot is nearing expiry (esp. in case they > haven't picked up the updated letsencrypt certificate)? >
Why not use entr (http://entrproject.org/) to detect when there is a new certificate file, and restart Dovecot/Postfix?
