Docker-mailserver: Update LetsEncrypt certificates

Created on 27 May 2020 · 5Comments · Source: tomav/docker-mailserver

Hello,

Just want to confirm that this is the correct procedure to update the LetsEncrypt certificates every ~3 months:

I have in my docker-compose file:

    volumes:
    - /opt/mailserver/letsencrypt:/etc/letsencrypt

I generate/renew the certificates on the host machine, then:

cp -R -L /etc/letsencrypt/live/mail.mydomain.com/* /opt/mailserver/letsencrypt/live/mail.mydomain.com/

docker exec mailserver openssl s_client -connect 0.0.0.0:25 -starttls smtp -CApath /etc/ssl/certs/
Verify return code: 0 (ok)

docker exec mailserver openssl s_client -connect 0.0.0.0:143 -starttls smtp -CApath /etc/ssl/certs/
Verify return code: 0 (ok)

Is this correct and enough? I don't need to restart any services or even the container?

Thank you very much :)

needs triage question

Source

ghnp5

👀1

Most helpful comment

Postfix also uses the certificate, so this instance should also be reloaded:
docker exec -it mail postfix reload

m-a-v on 14 Jun 2020

👍2

All 5 comments

I think Dovecot must be reloaded (at least):

docker-compose exec mail bash -c '[[ "$SMTP_ONLY" -ne 1 ]] && dovecot reload'

gmasse on 27 May 2020

👍1

Postfix also uses the certificate, so this instance should also be reloaded:
docker exec -it mail postfix reload

m-a-v on 14 Jun 2020

👍2

Thanks guys!

ghnp5 on 14 Jun 2020

Postfix also uses the certificate, so this instance should also be reloaded:
docker exec -it mail postfix reload

According to my tests, postfix automatically reloads new certificate. Anyone to double check that ? In the meantime, reloading postfix would not hurt 😉

gmasse on 15 Jun 2020

According to my tests, postfix automatically reloads new certificate. Anyone to double check that ? In the meantime, reloading postfix would not hurt 😉

Your assumption could be true. I am using SSL_TYPE=manual with dehydrated and Let's Encrypt.

m-a-v on 15 Jun 2020

Was this page helpful?

0 / 5 - 0 ratings