Remo,
Here's mine... I run the /usr/bin/certbot renew command nightly. Then
about an hour after that, I run this [change the secure.carlc.com to what
ever URL your Letsencrypt cert is under]:
#!/bin/bash
#
# Script to copy lets encrypt files to the right area and restart the needed
services.
#
# Initial concept by RCC 06/08.2018
#
# Test if the letsencrypt live cert.pem file was changed in the last 24
hours...
#
if test `find "/etc/letsencrypt/live/secure.carlc.com/cert.pem" -mmin +1440`
then
echo "Cert file is older than 1440 test minutes (24 hours)... STOP!"
exit
fi
echo "Get to work, New cert file is younger than 1440 minutes (24 hours)..."
#
#
# Dovecot just needs a restart as they are using the /etc/letsencrypt/live
files already
#
/usr/sbin/service dovecot restart
#
# Qmail SMTP-SSL
#
# Create a new /var/qmail/control/servercert.pem-NEW
#
# NOTE: order is critical, start with private key, then URL cert, then any
intermediate files.
#
cat /etc/letsencrypt/live/secure.carlc.com/privkey.pem >
/var/qmail/control/servercert.pem-NEW
cat /etc/letsencrypt/live/secure.carlc.com/cert.pem >>
/var/qmail/control/servercert.pem-NEW
cat /etc/letsencrypt/live/secure.carlc.com/chain.pem >>
/var/qmail/control/servercert.pem-NEW
#
# Swap out files, move current to OLD then NEW to current
#
mv /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem-OLD
mv /var/qmail/control/servercert.pem-NEW /var/qmail/control/servercert.pem
chmod 644 /var/qmail/control/servercert.pem
chown root.vchkpw /var/qmail/control/servercert.pem
#
# Need to restart QMAIL
#
/etc/rc.d/init.d/qmail restart
#
# Webmin (thank you QMAIL, we can use the new PEM file as it's the same
format)
#
/usr/sbin/service webmin stop
cat /var/qmail/control/servercert.pem > /etc/webmin/miniserv.pem
/usr/sbin/service webmin start
#
#
#
-----Original Message-----
From: Remo Mattei [mailto:[email protected]]
Sent: Wednesday, April 27, 2022 03:07 PM
To: [email protected]
Subject: Re: [qmailtoaster] iPhone updates / new ssl breaks connection
Hi David, can you share your config maybe I ping you offline.
Remo
> On Apr 26, 2022, at 23:55, David Bray <[email protected]> wrote:
>
> I'm using Letsencrypt and it renews every - well not sure, is it 10/11
weeks - the certs are valid for 3 months
>
> It never has an issue with iOS
>
> Cheers
>
> David Bray
> e. [email protected]
>
> April 27, 2022 1:47 AM, "Remo Mattei" <[email protected]> wrote:
>
>> Hello guys,
>> I got a few of my customers that every year after the upgrade of the SSL
cert do have issues and
>> shows cert expired or not valid. I did not have the issue on my iOS, but
I just wonder if anyone
>> has seen that and how they planned to overcome to this issue.
>>
>> Thanks,
>> Remo
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
