Sorry I could not read that message posted by Viktor. Probably I was not subscribed yet. Nevertheless, thanks for your answers.
On Thu, 11 Oct 2018 at 10:14, Dominic Raferd (<domi...@timedicer.co.uk>) wrote:

> On Thu, 11 Oct 2018 at 09:08, Ignacio Garcia <y...@ignasi.com> wrote:
>
>> Hi there. We just started using let's encrypt certs in our mail servers.
>> Since renewal of the certs is done automatically, will postfix cope well
>> with that or will we have to restart it after the renewal takes place?
>>
>
> Viktor answered this one here a little while ago:
>
> Each smtpd(8) process handles a limited number of connections ($max_use,
> default 100) and exits. It also exits when idle for sufficiently long
> ($max_idle, default 100s).
>
> Since each smtpd(8) process reads the certificates for itself, unless the
> cert/key rotation is extremely urgent (the current cert is expired and
> causes problems, i.e. key rotation is already too late) there is no need
> for a restart.
>
> And even when the key rotation is urgent "postfix reload" is sufficient,
> you don't need to restart. This allows existing connections to finish
> gracefully.
>
> But I don't know whether the same is true for dovecot (whether for sasl or
> imap) - I restart dovecot after cert renewal just in case.
>
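An added example, not part of the original thread: a post-renewal check that compares the certificate smtpd offers over STARTTLS with the renewed file on disk and runs `postfix reload` only if the old one is still being served. It assumes `openssl` and `postconf` are installed and that the certificate path is set in `smtpd_tls_cert_file`; the function names and the default host and port are illustrative.

```sh
#!/bin/sh
# Added example: has the renewed certificate reached the smtpd processes yet?
# Assumptions: openssl and postconf are available; names and defaults are illustrative.

# SHA-256 fingerprint of the first certificate in a PEM file.
disk_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate offered after STARTTLS.
served_fp() {
    openssl s_client -starttls smtp -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Compare the two fingerprints: prints "current", "stale" or "unknown".
# An empty fingerprint (unreadable file, failed connection) is never
# treated as a mismatch, so a probe failure does not trigger a reload.
rotation_state() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo unknown
    elif [ "$1" = "$2" ]; then
        echo current
    else
        echo stale
    fi
}

main() {
    host=${1:-localhost}; port=${2:-25}
    cert=${3:-$(postconf -h smtpd_tls_cert_file)}
    state=$(rotation_state "$(disk_fp "$cert")" "$(served_fp "$host" "$port")")
    case $state in
        current) echo "smtpd is serving the certificate in $cert" ;;
        stale)   echo "smtpd still serves the old certificate; reloading"
                 postfix reload ;;
        unknown) echo "could not read one of the fingerprints; not reloading" >&2
                 return 2 ;;
    esac
}

# Run only when called with arguments, e.g.: sh check-cert.sh localhost 25
if [ "$#" -gt 0 ]; then main "$@"; fi
```

A single probe reaches only whichever smtpd process accepts the connection, so a "current" result does not prove that every long-lived process has been recycled yet.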