I have slowly learned when doing letsencrypt certbot renew byt simply doing both:
certbot renew --dry-run
certbot renew
Then a little later I started having issues with dovecot and postfix and learned that I should be restart these services.
However, I started getting issues with clients like thunderbird and cell phones saying that the certificate is expired still. Doing some test with openssl I can see that its pointing to an old certificate, yet everything is correctly configured on the system pointing the right places etc.
but postfix eventually give me the certificate expired
I always have to do
postmap -F /etc/postfix/sni_map
From what I can see everything seems ok after that and openssl now shows the new dates expiration
So should I be doing the following every time I certbot renew? I would like to ensure I do the correct procedures when it is time for renewal.
certbot renew
postmap -F /etc/postfix/sni_map
systemctl restart postfix / or reload
systemctl restart dovecot
I am using virtualmin
The system is configured for multiple domains
Operating system Debian Linux 11
My web server is (include version): apache2
My hosting provider, if applicable, is: VM
I can login to a root shell on my machine (yes):
I'm using a control panel to manage my site (no):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.12.0