DEV Community

Toby Inkster
Toby Inkster

Posted on

Some software is too reliable

Originally posted on my blog.

So my email client has been giving me warnings for a few weeks about my mail server’s certificate having expired. I trust the server, so I assumed something had gone wrong with certbot and the renewal process hadn’t worked. I put fixing it on my todo list.

Today I finally got a chance to look into it and inspected the certificate.

It wasn’t due to expire for a couple of months.

So why is my mail client saying it expired in April?

I checked the config files to make sure the mail server software was looking at the right certificate, and then I had an idea.

$ uptime
17:38:17 up 132 days,  6:48,  1 user,  load average: 0.01, 0.04, 0.01
Enter fullscreen mode Exit fullscreen mode

The server hadn’t been rebooted for a while. The mail server software had loaded the certificate when it started, but had kept it in RAM ever since. So when the certificate was updated on the disk, it was still using the old certificate in memory.

$ service postfix restart
Restarting postfix (via systemctl): postfix.service.
$ service dovecot restart
Restarting dovecot (via systemctl): dovecot.service.
$ service amavis restart
Restarting amavis (via systemctl): amavis.service.
Enter fullscreen mode Exit fullscreen mode

All fixed.

Discussion (1)