Restart after new TLS certificate?
Paul van der Vlis
paul at vandervlis.nl
Fri Oct 27 08:20:48 EDT 2017
Op 27-10-17 om 13:03 schreef Patrick Boutilier:
> On 10/27/2017 07:51 AM, Paul van der Vlis wrote:
>> Hello,
>>
>> I use now a certificate from LetsEncrypt and it is automatically
>> renewed. Needs Cyrus to be restarted before it sees the new certificate?
>>
>> There is nothing changed in the configfile. The configfile points to an
>> symlink what changes to a new certificate.
>>
>> And maybe you know a way how to test which certifate Cyrus uses?
>
> Pretty sure Cyrus will just start using the new certificate.
Yes, but I would prefer not to restart ;-)
I know other applications like Postfix and Apache don't need a restart
when the certificate is installed some days before they expire. Because
they refresh the certicate.
> Using openssl to test is one way.
>
> openssl s_client -connect <IP>:<port>
>
> Look in the output for the issuer, etc...
Hmm, this does not work. Maybe because I use STARTTLS?
This works:
openssl s_client -starttls -connect imap mail.vandervlis.nl:143
With regards,
Paul van der Vlis
> Another option is to use this script:
>
> https://matteocorti.github.io/check_ssl_cert/
>
>
>
>>
>> With regards,
>> Paul van der Vlis
>>
>>
>
>
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
--
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/
More information about the Info-cyrus
mailing list