lets encrypt renewal process? postfix did not get restarted

Discussion in 'ISPConfig 3 Priority Support' started by craig baker, Feb 27, 2019.

  1. craig baker

    craig baker Member HowtoForge Supporter

    got panicked customers - turns out postfix was still serving expired certs - how is ispconfig renewing LE certs? and why would postfix/dovecot not get restarted?

    also I seemed to have a bogus cert (with a -0001 at the end) that has somehow got created in the /live directory. how do I track down who/what did that?

    and is there any log anywhere when ISPConfig has in fact renewed them?
    and how do we make sure postfix and dovecot get restarted after renewal?
    there is NOT a cronjob in /etc/cron.d but I have /opt/certbot installed and that works (it renewed one of the certs where the conf file had gotten zero-length and there was a version with ~backup at the end). any idea where that came from?

    I found a script that restarts postfix/dovecot if it sees the LE cert is different from the cert currently being served (checking serials). I guess this could be run once a day.

    and WHEN is the renew script being run? there is a file in ispconfig/classes/cron.d 900-letsencrypt.inc.php
    how can I tell when this is being invoked?

    inquiring minds etc.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please see here for the correct LE setup for postfix, pure-ftpd and ispconfig interface on port 8080 incl. script that restarts postfix and other services on renewal:

    https://www.howtoforge.com/communit...l-port-8080-with-lets-encrypt-free-ssl.75554/

    LE does rename certs sometimes and appends a number like 0001 to them, this is a normal LE cert and nothing bogus.

    This is run once a night. But that's not related to the missing postfix restart. See the link I posted above for setting up the restart of services other than the web server when an LE cert changes.
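
The check mentioned in the first post (restart the mail services when the certificate on disk differs from the one being served), as an added example that is not code from this thread or from ISPConfig. It compares SHA-256 fingerprints rather than serial numbers; the host name `mail.example.com`, port 25 and the `systemctl` unit names are assumptions.

```python
import base64
import hashlib
import re
import smtplib
import ssl
import subprocess

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)


def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM bundle (the leaf in fullchain.pem)."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        # A zero-length or truncated file must not be read as "unchanged".
        raise ValueError("no certificate found in PEM data")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()


def served_fingerprint(host, port=25, timeout=10):
    """SHA-256 of the certificate an SMTP server presents after STARTTLS."""
    ctx = ssl.create_default_context()
    # Validation is off only so that an expired certificate can still be read
    # for comparison; do not reuse this context to send mail.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        der = smtp.sock.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def reload_needed(disk_pem, served_fp):
    """True when the running service still presents a different certificate."""
    return leaf_fingerprint(disk_pem) != served_fp


if __name__ == "__main__":
    # Assumed path and host; substitute the certificate your mail server uses.
    path = "/etc/letsencrypt/live/mail.example.com/fullchain.pem"
    with open(path) as fh:
        disk_pem = fh.read()
    # Only postfix on port 25 is probed here; dovecot is restarted alongside it.
    if reload_needed(disk_pem, served_fingerprint("localhost")):
        subprocess.run(["systemctl", "restart", "postfix", "dovecot"], check=True)
```

Run from a daily cron job, this restarts the services only when the served certificate is out of date.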
     
