reload services after let's encrypt certificate renewal

Hi, the automatically process of Let's Encrypt certificate renewal includes a Apache reload. But the certificate is used in more services. In virtual servers with dedicated IP, the URL for manage mailing list is using the virtual server domain certificate through Webmin on port 10000, example:

https://domain.org:10000/virtualmin-mailman/unauthenticated/listinfo.cgi...

So a Webmin reload is needed to start using the new certificate. The same certificate is used also in Dovecot and Postfix, I think both also needs a reload (I didn't tested it).

Could you add this feature to Virtualmin?

thanks in advanced

Status: 
Fixed (pending)

Comments

This should happen already, as long as the Let's Encrypt renewal was done in Virtualmin (on the Manage SSL Certificate page).

Apache gets reloaded but I also need to reload dovecot manually. Poor man's solution is to put dovecot restart every 2 weeks in cron. If virtualmin could be switched to external certbot we could use hooks to reload every service that uses the just renewd cert but when the renewal is handled by internal virtualmin code (default approach?) I do not know where I could add my hooks.

Ilia's picture
Submitted by Ilia on Mon, 12/02/2019 - 04:29

You can go to:

System Settings/Virtualmin Configuration/Actions upon server and user creation, then Command to run after making changes to a server, and point it to custom made script with the content:

#!/usr/bin/env bash
if [ "$VIRTUALSERVER_ACTION" = "SSL_DOMAIN" ]; then
    /usr/bin/systemctl restart dovecot.service
fi

I found a bug that can cause Dovecot to not get restarted on cert renewal - I'll fix it in the next Virtualmin release.

moskit's picture
Submitted by moskit on Fri, 05/08/2020 - 17:00 Pro Licensee

When we can expect this fix to be released?

Are you on Virtualmin 6.09? If so, you should already have it.

I'm on 6.09 and dovecot doesn't automatically restart after a cert renewal. Do you have an idea when 6.10 is coming out?

Hi Jamie, people are reporting problems with dovecot.

Dovecot enters failed state exactly the same time as letsEncrypt certificate gets renewed. Confirmed by many. We are using latest versions. Maybe this problem is connected with what was done here in this thread? Can you please help?

Webmin version 1.942
Usermin version 1.791 Virtualmin version 6.09

https://forum.virtualmin.com/t/dovecot-failed-state/105718/86

Ilia's picture
Submitted by Ilia on Sat, 07/04/2020 - 09:43

We have fixed those issue with Dovecot.

We are planning to release Virtualmin 6.10 this weekend!