letsencrypt renew breaks dovecot?

My client just told me that the email system stopped working. I checked and it appeared to be related to a certificate renewal not making into dovecot and/or postfix.

Later, I manually recreated the certificate via letsencrypt and noticed that the dovecot.cert.pem and dovecot.key.pem files didn't get updated when the /etc/letsencrypt/live files did. However, the system said that dovecot and postfix were already configured to use the new certificate!

I've made a symbolic link to the current cert and key from the dovecot files but know this will probably break again in a couple of months when the cert renews.

What is the proper way to get this stuff to propagate up renewal?

Status: 
Active

Comments

Are you referring to the per-IP dovecot and postfix certificates, or the global cert?