Page MenuHomeDevCentral
Files F11723725

No OneTemporary
Actions

View Options

diff --git a/roles/mailserver/certificates/files/update-smtp-certificates b/roles/mailserver/certificates/files/update-smtp-certificates
index 865729a..a94aa20 100755
--- a/roles/mailserver/certificates/files/update-smtp-certificates
+++ b/roles/mailserver/certificates/files/update-smtp-certificates
@@ -1,22 +1,23 @@
#!/bin/sh
# -------------------------------------------------------------
# Deploy mail certificate to SMTP server
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-11-03
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
: ${CONTAINER_NAME='mailserver'}
: ${CERT_DIR='/data/letsencrypt/etc/live/mail.nasqueron.org-0001'}
: ${CONTAINER_DIR="/var/lib/lxc/$CONTAINER_NAME/rootfs"}
cp $CERT_DIR/fullchain.pem $CONTAINER_DIR/etc/ssl/certs/mailserver.crt
cp $CERT_DIR/privkey.pem $CONTAINER_DIR/etc/ssl/private/mailserver.key
-# postfix runs as root
+# Mail servers can read the certificate as root before dropping privileges
chown 0:0 $CONTAINER_DIR/etc/ssl/private/mailserver.key
chmod 400 $CONTAINER_DIR/etc/ssl/private/mailserver.key
lxc-attach -n $CONTAINER_NAME -- service postfix restart
+lxc-attach -n $CONTAINER_NAME -- service dovecot restart

File Metadata

Mime Type
text/x-diff
Expires
Thu, Sep 18, 11:17 (19 h, 32 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2988129
Default Alt Text
(1 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator