The cert I use for dovecot, SMTP, and proftpd is an LE cert. Every time it updates, I have to restart Dovecot or it eventually expires in the running version. Why isn’t this happening automatically?
On the “SSL Certificates” page for the domain I use for those services, it says:
Used by services Webmin (domain.xxx), Usermin (host domain.xxx), Dovecot (global), Postfix (host domain.xxx), Postfix (global)
But every three months I get an “expired cert” error on IMAP clients, and have to manually restart dovecot?
Additionally, it seems that a restart of postfix was insufficient to fix the outgoing (SMTPS) certificate. That required a “postmap -F hash:/etc/postfix/sni_map” in addition! Some kind of cert caching? Why have I never had to do this before?
Perhaps, to apply global certificate you need to fully restart the service, instead of reload? Also, I read few posts on StackOverflow where other people reported the same problem, saying that reload didn’t work but restart fixed the problem.
I think it needs both – postmap on the sni_map, AND a restart of postfix. Maybe it only needed a reload of postfix config after the postmap, but I did a restart (and without the restart it was still caching the old cert).
Well, that conflicts with my experience and the posting at:
which had a postmap fix a renewal issue, just as I experienced. I don’t know if the file location changed, but the renewal happened without my interaction (and I did not install certbot in any way other than what the standard virtualmin install does).