got the cert name. what would be the command or you just referring to the "deploy-hook". ?
I don't know what's managing the deamons on freebsd. on systems running systemd it could be something like
systemctl reload apache dovecot postfix
1 Like
I have to reload the by hand as I am edi parameters so I still have to deploy hooks?
the issue is that the daemons might still run with the old certificate (which expires soonish), so you want to automate that.
you can of course reload by hand, but it's unadvisable.
I amn going through and adjusting postfux and dovecot then later will so apaahe after I get mail back. I am stop and restarting each
so much adjusting postix. now getting
May 25 14:09:25 triggerfish postfix/smtpd[71518]: warning: error loading chain from /usr/local/etc/letsencrypt/live/theoceanwindow.com/fullchain.pem: key not first
May 25 14:09:25 triggerfish postfix/smtpd[71518]: warning: error loading private keys and certificates from: /usr/local/etc/letsencrypt/live/theoceanwindow.com/fullchain.pem: disabling TLS support. The order correct. key before pem. Permissions?
also getting this which I imagine is related
:> 10:18 triggerfish postfix/cleanup[71521]: warning: unsupported dictionary type: PATH=/bin. Is the postfix-PATH=/bin package installed?
May 25 14:10:18 triggerfish postfix/cleanup[71521]: error: unsupported dictionary type: PATH=/bin
May 25 14:10:18 triggerfish postfix/cleanup[71521]: fatal: open dictionary: expecting "type:name" form instead of "ddd"
May 25 14:10:19 triggerfish postfix/master[70920]: warning: process /usr/local/libexec/postfix/cleanup pid 71521 exit status 1
May 25 14:10:19 triggerfish postfix/master[70920]: warning: /usr/local/libexec/postfix/cleanup: bad command startup -- throttling
May 25 14:11:19 triggerfish postfix/cleanup[71524]: warning: unsupported dictionary type: PATH=/bin. Is the postfix-PATH=/bin package installed?
I think this might be useful to you:
You can also store the keys separately from their certificates, again provided each is listed before the corresponding certificate chain. Storing a key and its associated certificate chain in separate files is not recommended, because this is prone to race conditions during key rollover, as there is no way to update multiple files atomically.
# Postfix ≥ 3.4. # Storing keys separately from the associated certificates is not # recommended. smtpd_tls_chain_files = /etc/postfix/rsakey.pem, /etc/postfix/rsacerts.pem, /etc/postfix/ecdsakey.pem, /etc/postfix/ecdsacerts.pem
(or you can use the deploy hook to cat key.pem fullchain.pem > /somewhere/else/postfix.pem too)
more here: Postfix Configuration Parameters
1 Like
thanks that got rid of the certficate/kety problem
the deploy hook and I don't get along
it told me to
certbot reconfigure --cert-name theoceanwindow.com --disable-hook-validation
My major impediment remains.
10:18 triggerfish postfix/cleanup[71521]: warning: unsupported dictionary type: PATH=/bin. Is the postfix-PATH=/bin package installed?
May 25 14:10:18 triggerfish postfix/cleanup[71521]: error: unsupported dictionary type: PATH=/bin
May 25 14:10:18 triggerfish postfix/cleanup[71521]: fatal: open dictionary: expecting "type:name" form instead of "ddd"
May 25 14:10:19 triggerfish postfix/master[70920]: warning: process /usr/local/libexec/postfix/cleanup pid 71521 exit status 1
May 25 14:10:19 triggerfish postfix/master[70920]: warning: /usr/local/libexec/postfix/cleanup: bad command startup -- throttling
May 25 14:11:19 triggerfish postfix/cleanup[71524]: warning: unsupported dictionary type: PATH=/bin. Is the postfix-PATH=/bin package installed?
It worked a week ago. II think this is related to master.cf. The is certainly not a cerificate issue
Web search not successful. time to ask the postfix comuniity
Ok for those interested the issue here was a mistake with Header_check bin the main.cf. Fixed that all was good
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.