Mail server + Web server autorenewal - how?

DeadlineX · January 7, 2020, 5:43pm

Hello,
I’ve installed certificate for Apache web server, using “–apache” Certbot’s command.
Then I’ve used this certbot command to install certificate for mail server, physically located in the same system: “sudo certbot certonly --standalone -d mail.example.com”. Using it, I was asked to stop Apache web server to free port 80.
Here is my question: how to update both certificates automatically? What will happen when I’ll use “certbot update” command next time? Will it update web sites certificates only? If so, then can I add “mail.example.com”, pointed above to my web server’s virtual domains list? Will it allow certbot to update both mail.xxxx and www.xxxx certificates?
Or have you better solution for such automation?
-Thank you.

Osiris · January 7, 2020, 6:37pm

You can use Apache also only for the authentication, as everything runs on the same server you’ve said.

certbot certonly -a apache -d mail.example.com

That should do the trick. You don’t need a virtualhost for that specific hostname, certbot will generate a temporary config for that. If you want, you can add more hostnames, for example:

certbot certonly -a apache -d mail.example.com -d imap.example.com -d smtp.example.com

Whatever you like

DeadlineX · January 7, 2020, 6:44pm

Thank you, of course I understand that I can send separate commands for every host.
My question was just about the renewal process. Say, now I have one certificate, installed with --apache key and another one, issued by “manually” using “certonly” command. What will happen when I’ll use “update” command? will both certs be updated? I’d like to setup a cron task. This is why I’m asking.

Osiris · January 7, 2020, 7:39pm

Yes, you can just use certbot renew. However, you’ll probably need to reload your mail services. You can use --deploy-hook to execute a script to do that.

DeadlineX · January 8, 2020, 6:46pm

Thank you for the explanation.
Is there any code sample I could use in order don’t invent a wheel?

Osiris · January 8, 2020, 7:51pm

I’m not familiar with off the shelf scripts, sorry. Although it shouldn’t have to be more than two lines: the reload commands aren’t that difficult

system · February 7, 2020, 7:51pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.