ssl certs are only reloaded on startup. Mailu serves out of date certificates #10
The certificates mounted in app container in /certs are getting dumped by traefik-certs-dumper properly but mailu doesn't scan for them changing.

behavior:
If we have a container running for a really long time (2 months+ uptime because that's how long the letsencrypt certs are valid), the smtp/imap servers will serve the certificate that was loaded 2 months ago which will have expired by this time, even though the file has been rotated by traefik-certs-dumper.

workaround:
restart the app container every 2 months to load the new certificates lol

Amazing troubleshooting @knoflook, nice one!
Mailu docs recommend running this after certs are regenerated:

docker exec mailu_front_1 nginx -s reload

Is it possible that's enough, if the front container is indeed terminating TLS even for IMAP/SMTP connections? Maybe it's something we can add to the traefik-certdumper config? Or a separate service using inotifywatch to detect changes in certs and reload when there are new ones?
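
One way to build the separate reload service suggested in the comment above, as an added example that is not code from Mailu or from this thread. It polls the dumped files instead of using inotify events, and it assumes the front container terminates TLS for SMTP/IMAP and reads the same certificate files; the state-file path, the poll interval and the `--watch` switch are assumptions.

```sh
#!/bin/sh
# Added example: reload the TLS front end when the dumped certificates change.
# Assumptions (not from the issue): PEM files sit directly in CERT_DIR, the
# state file path, the poll interval, and the --watch switch.

CERT_DIR="${CERT_DIR:-/certs}"
STATE_FILE="${STATE_FILE:-/tmp/cert-reload.sha256}"
RELOAD_CMD="${RELOAD_CMD:-docker exec mailu_front_1 nginx -s reload}"
INTERVAL="${INTERVAL:-300}"

# One hash over every PEM file, so a rotated key or chain also counts as a change.
cert_fingerprint() {
    cat -- "$1"/*.pem 2>/dev/null | sha256sum | cut -d' ' -f1
}

# reload_if_changed DIR STATE_FILE COMMAND [ARGS...]
# Returns 0 after a successful reload, 1 when nothing changed, 2 on error.
reload_if_changed() {
    _dir="$1"; _state="$2"
    shift 2                          # the remaining words are the reload command
    if ! ls "$_dir"/*.pem >/dev/null 2>&1; then
        echo "no PEM files in $_dir" >&2
        return 2
    fi
    _current="$(cert_fingerprint "$_dir")"
    _previous="$(cat "$_state" 2>/dev/null || true)"
    # With no recorded state the loaded certificate is unknown, so reload once.
    [ "$_current" = "$_previous" ] && return 1
    if "$@"; then
        # Record the fingerprint only after the reload worked, so a failed
        # reload is retried on the next poll instead of being forgotten.
        printf '%s\n' "$_current" > "$_state"
        return 0
    fi
    echo "reload command failed; retrying on next poll" >&2
    return 2
}

if [ "${1:-}" = "--watch" ]; then
    while true; do
        # RELOAD_CMD is left unquoted on purpose so it splits into words.
        reload_if_changed "$CERT_DIR" "$STATE_FILE" $RELOAD_CMD || true
        sleep "$INTERVAL"
    done
fi
```

Run it with `--watch` on the Docker host or in a sidecar that can reach the Docker socket; the same function can be called from a cron job instead of the loop.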