My client just told me that the email system stopped working. I checked and it appeared to be related to a certificate renewal not making into dovecot and/or postfix.
Later, I manually recreated the certificate via letsencrypt and noticed that the dovecot.cert.pem and dovecot.key.pem files didn't get updated when the /etc/letsencrypt/live files did. However, the system said that dovecot and postfix were already configured to use the new certificate!
I've made a symbolic link to the current cert and key from the dovecot files but know this will probably break again in a couple of months when the cert renews.
What is the proper way to get this stuff to propagate up renewal?