Page MenuHomeDevCentral
Create Task
Maniphest T2196

Reload of dovecot and postfix when certif renew
Open, HighPublic
Actions

Description

When mail.nasqueron.org certificate is renewed automatically, the following services need to be reloaded:

  • Dovecot for IMAP/POP
  • Postfix for SMTP
  • nginx for webmail (for that one, we already have an existing script)

When the service isn't reloaded, a new certificate exists but the server will still serve one of the previous ones.

Related Objects
Search...

Event Timeline

DorianWinty created this task.Dec 10 2025, 06:51
dereckson moved this task from Backlog - On hold pending T1475 to Next on the Mail board.Dec 10 2025, 08:08
Duranzed added a subtask: T1849: Cover page for autoconfig.nasqueron.org.Thu, Jan 29, 18:09
dereckson triaged this task as High priority.Thu, Feb 5, 23:31
dereckson removed DorianWinty as the assignee of this task.Thu, Feb 5, 23:36
dereckson added a project: good-first-issue.

With D3906, there is a way to do this easily, by adding the command to the certificate_options pillar in https://devcentral.nasqueron.org/source/operations/browse/main/pillar/core/certificates/hervil.sls$13

The mail.nasqueron.org domain is the certificate we're interested for both Dovecot and Postfix. It's also used for nginx.

A new custom script to run after the certificate is reloaded could be as simple as:

acmesh-reloadMailServices
#!/bin/sh

service dovecot reload
service postfix reload
acmesh-nginxCheck
dereckson updated the task description. (Show Details)Thu, Feb 5, 23:38
dereckson added a project: Restricted Project.
dereckson moved this task from Backlog to Ops on the good-first-issue board.
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator