Originally posted on my blog.
So my email client has been giving me warnings for a few weeks about my mail server’s certificate having expired. I trust the server, so I assumed something had gone wrong with certbot and the renewal process hadn’t worked. I put fixing it on my todo list.
Today I finally got a chance to look into it and inspected the certificate.
It wasn’t due to expire for a couple of months.
So why is my mail client saying it expired in April?
I checked the config files to make sure the mail server software was looking at the right certificate, and then I had an idea.
$ uptime 17:38:17 up 132 days, 6:48, 1 user, load average: 0.01, 0.04, 0.01
The server hadn’t been rebooted for a while. The mail server software had loaded the certificate when it started, but had kept it in RAM ever since. So when the certificate was updated on the disk, it was still using the old certificate in memory.
$ service postfix restart Restarting postfix (via systemctl): postfix.service. $ service dovecot restart Restarting dovecot (via systemctl): dovecot.service. $ service amavis restart Restarting amavis (via systemctl): amavis.service.