Comments (5)
Are you sure they won't update? Does certbot create new files instead of overwriting them in place?
from chasquid.
The recommended way is to use filesystem ACLs to give chasquid read access to the /etc/letsencrypt/live and /etc/letsencrypt/archive directories. New files in those directories inherit the ACLs from the parent, so after a cert renewal the new files will also be readable by chasquid.
This is documented in the how-to. In particular, this part sets up the ACLs on the letsencrypt certificates:
# Give chasquid access to the certificates.
# Dovecot does not need this as it reads them as root.
sudo setfacl -R -m u:chasquid:rX /etc/letsencrypt/{live,archive}
Does this help? Let us know if there's something still unclear!
from chasquid.
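A check that can be run after a renewal, as an added example that is not part of the thread or of the chasquid project: it reads `getfacl -R` output on stdin and lists every path that has no effective read entry for the named user. The function names and the sample output are constructed for illustration, and only the named-user entry and the mask are examined, not owner, group or other bits.

```shell
#!/bin/sh
# Usage on a real host (paths from the comment above):
#   sudo getfacl -R /etc/letsencrypt/live /etc/letsencrypt/archive | acl_missing_read chasquid

# Print each path whose ACL lacks an effective read entry for user $1.
acl_missing_read() {
    awk -v user="$1" '
        function report() {
            if (path == "") return
            # A named-user entry is limited by the mask entry, when present.
            if (!(perm ~ /^r/ && (mask == "" || mask ~ /^r/))) print path
        }
        /^# file: / { report(); path = substr($0, 9); perm = ""; mask = ""; next }
        /^#/        { next }            # "# owner:" and "# group:" header lines
        {
            sub(/[ \t]*#.*$/, "")       # drop "#effective:..." annotations
            n = split($0, f, ":")
            # Entries starting with "default:" have four fields and are skipped.
            if (n == 3 && f[1] == "user" && f[2] == user) perm = f[3]
            if (n == 3 && f[1] == "mask") mask = f[3]
        }
        END { report() }
    '
}

# Constructed sample of getfacl output (not captured from a real system).
sample_getfacl() {
    cat <<'EOF'
# file: etc/letsencrypt/archive/example.org/privkey1.pem
# owner: root
# group: root
user::rw-
user:chasquid:r--
group::---
mask::r--
other::---

# file: etc/letsencrypt/archive/example.org/privkey2.pem
# owner: root
# group: root
user::rw-
group::---
other::---

# file: etc/letsencrypt/archive/example.org/chain2.pem
user::rw-
user:chasquid:r--    #effective:---
mask::---
EOF
}

sample_getfacl | acl_missing_read chasquid
```

An empty result means every listed path carries a readable entry for that user.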
Thank you. I should have thought of that. It was the README that threw me off, I guess. It recommended symlinking, so that's sort of the lens through which I was sort of viewing the situation. Thanks again. I'll be sure to star the repo if I haven't already.
from chasquid.
I see! The installation guide mentions the symlinking but not the ACLs, and I think it's a good point that it can be confusing.
I'll update the doc to make it clearer, thanks for letting us know!
from chasquid.
The documentation changes are in master and in v1.9.
Please reopen/comment further if there's any other suggestion, and thanks again for reporting this!
from chasquid.