DevHeads.net

Renewal of Let's encrypt certs being used in postfix

Hi there. We just started using let's encrypt certs in our mail servers.
Since renewal of the certs is done automatically, will postfix cope well
with that or will we have to restart it after the renewal takes place?

Thanks so much in advance for your help!

Ignacio

Comments

Re: Renewal of Let's encrypt certs being used in postfix

By Olivier Nicole at 10/11/2018 - 03:14

Hello,

I do restart postfix. In fact, I do reboot the mail server as other
pieces of software are affected (imap).

A general reboot every 3 months is not that bad.

Bestregards,

Olivier

Re: Renewal of Let's encrypt certs being used in postfix

By Matus UHLAR - f... at 10/11/2018 - 03:22

On 11.10.18 15:14, Olivier wrote:
I only do reload for apache, proftpd, courier etc and only restart services
that can't handle reload. I don't restart unless really needed.

only if a kernel is to be replaced. I don't see readon to reboot servers
periodically.

Re: Renewal of Let's encrypt certs being used in postfix

By C. Petro at 10/15/2018 - 13:25

I have 2 reasons, neither having anything to do with postfix:

1) If you are using a filesystem type that wants to be checked every 180+
days, you will want to do a controlled reboot when YOU want your server
offline for a while, not when Thor, God of Storms and Lighting, or Loki,
god of Chaos decides. They have enough say anyway.
2) Some administrators see a big uptime and start to defer patches unless
"really necessary" because they want to win uptime wars.

Both of these can be mitigated by a policy of "no more than 182 days
uptime"

On Thu, Oct 11, 2018 at 2:23 AM Matus UHLAR - fantomas < ... at fantomas dot sk>
wrote:

Re: Renewal of Let's encrypt certs being used in postfix

By Dominic Raferd at 10/11/2018 - 03:14

Viktor answered this one here a little while ago:
But I don't know whether the same is true for dovecot (whether for sasl or
imap) - I restart dovecot after cert renewal just in case.

Re: Renewal of Let's encrypt certs being used in postfix

By Ignacio Garcia at 10/11/2018 - 04:01

Sorry I could not read that message posted by Viktor. Probably I was not
subscribed yet. Nevertheless, thanks for your answers.

El jue., 11 oct. 2018 a las 10:14, Dominic Raferd (< ... at timedicer dot co.uk>)
escribió:

Re: Renewal of Let's encrypt certs being used in postfix

By Ralph Seichter at 10/11/2018 - 06:17

The Postfix mailing list archives (<a href="http://www.postfix.org/lists.html" title="http://www.postfix.org/lists.html">http://www.postfix.org/lists.html</a>)
are a treasure trove of information.

-Ralph