Recently I had an issue where certbot failed to renew my certificate due to a misconfiguration in my Apache config file. I managed to fix the issue and get the certificate renewed, and everything worked fine as far as my webserver is concerned. However I also use the same certificate in both Dovecot and Postfix and my mail clients all started complaining about an expired certificate.
Eventually I realized that restarting those services fixed the problem. I’m not sure about whether this is related to Dovecot or Postfix because I restarted both at once and the issue disappeared. But somehow it seems that one (or both) of those services possibly caches the certificate.
Does anyone know for sure which of these would have been the culprit? I was thinking maybe I need to restart those services when a renewal takes place but can that be done as part of the certbot renewal process? Or is there possibly a way to turn off certificate caching? Any help here is appreciated.