> On Sep 11, 2017, at 1:37 PM, Bill Shirley <b...@knoxvillechristian.org> wrote:
>
> Thanks for the info.
>
> With acme.sh, reloads are only done when the certificate is renewed.
It is best to just leave Postfix alone, and not reload even then.
If you run certbot often enough to renew well in advance of expiration,
reloads of Postfix are unnecessary, and just needlessly interrupt orderly
processing of email by the queue manager. Usually the new certificate will
be automatically in use within "$max_idle * $max_use" seconds, and typically
sooner, because processes either idle out quickly or reach the re-use limit
quickly, handling $max_use connections that are exactly $max_idle apart is
rather unlikely By default that's 10000 seconds or just under 3 hours.
--
Viktor.
