
I am experiencing a weird issue regarding a Let's Encrypt SSL certificate on my Postfix mail server.

According to certbot: "The following certs are not due for renewal yet: /etc/letsencrypt/live//fullchain.pem expires on 2022-01-31 (skipped)" (If I run certbot renew --dry-run, however, "[...] all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live//fullchain.pem (success)")

However, if I try to connect via IMAP (using Thunderbird), I get a warning and the certificate shows a validity of "Not After 12/2/2021".

This is a difference of almost 2 months. I double-checked that it is indeed the same certificate (Dovecot and Postfix both include the very same path printed out by certbot).

I guess I could forcefully renew the cert, but I'd rather understand the base issue here, to prevent another "invalid certificate" warning in the future.

Feels like I am overlooking something obvious, as this is unlikely to be some kind of bug. If you need more information, tell me. Any tiny little hint is very welcome!

Happy codin'

randmin
  • Restart your imapd. It hasn't loaded the new certificate after the last renewal. – Gerald Schneider Dec 02 '21 at 14:27
  • Most likely: your imap server (dovecot) wasn't restarted after the certificate got renewed... – Bob Dec 02 '21 at 14:27
  • Indeed that was the problem. Thank you both. I will not delete the question, however, because the problem description of the thread you supply is not very intuitive if you do not link the issue to a renewal that happened some months ago :) – randmin Dec 02 '21 at 14:45

1 Answer


I had to restart the IMAP service. In my case:

sudo systemctl restart dovecot

Apparently, I forgot to restart the service the last time the certificate was renewed. This was particularly tricky to find, because I did not renew the certificate lately and thus did not link this issue to an earlier renewal at all.

Thanks to Gerald Schneider and Bob for the fast comments that helped me find this.

randmin
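
A check for the situation in this thread, as an added example that is not part of the original posts: it compares the leaf certificate in fullchain.pem with the one the running service presents, so a daemon still holding a pre-renewal certificate is caught before clients start warning. The script name, the host name mail.example.org and the implicit-TLS IMAPS port 993 are assumptions.

```python
"""Added example: detect a daemon still serving a pre-renewal certificate."""
import hashlib
import re
import ssl
import sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def leaf_pem(chain_pem: str) -> str:
    """Return the first certificate in a PEM bundle.

    certbot's fullchain.pem holds the server (leaf) certificate first,
    followed by the intermediates.
    """
    match = PEM_BLOCK.search(chain_pem)
    if match is None:
        raise ValueError("no PEM certificate found")
    return match.group(0)


def fingerprint(pem: str) -> str:
    """SHA-256 fingerprint of the DER encoding of the leaf certificate."""
    der = ssl.PEM_cert_to_DER_cert(leaf_pem(pem))
    return hashlib.sha256(der).hexdigest()


def served_pem(host: str, port: int = 993) -> str:
    """Fetch what an implicit-TLS port presents. No chain or expiry
    validation is done here, so an expired certificate is still returned."""
    return ssl.get_server_certificate((host, port))


def is_stale(disk_pem: str, live_pem: str) -> bool:
    """True when the service presents a different cert than the file on disk."""
    return fingerprint(disk_pem) != fingerprint(live_pem)


if __name__ == "__main__":
    # Usage (assumed names): check_cert.py <path to fullchain.pem> mail.example.org [port]
    path, host = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 993
    with open(path, encoding="ascii") as fh:
        stale = is_stale(fh.read(), served_pem(host, port))
    print("STALE: restart the service" if stale else "OK: served cert matches disk")
    sys.exit(1 if stale else 0)
```

The non-zero exit status on a mismatch lets the script run from cron or a monitoring check after each renewal.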