Email server configuration still complaining the connection isn't secure

unix ssl-certificate email smtp

Inspecting the certificate shows that the certificate has expired.

Since the webserver provides a valid certificate, it seems that the mail service hasn't been restarted after the certificate was renewed and is still serving the old certificate.

A restart of the mail service should fix the problem.

To prevent such problems in the future you can use the renew-hook of certbot with a simple shell script.

This is a script I am using:

#!/bin/bash
for domain in $RENEWED_DOMAINS
do
    if [ "$domain" = mail.example.com ]
    then
        systemctl reload dovecot
        systemctl reload postfix
    elif [ "$domain" = intern.example.com ]
    then
        cp /etc/letsencrypt/live/$domain/* /etc/ldap/ssl/
        chown -R openldap:openldap /etc/ldap/ssl/
        chmod 640 /etc/ldap/ssl/*
        systemctl reload slapd
    else
        systemctl reload apache2
    fi
done

The script is provided to certbot with the --renew-hook parameter in the cron job:

/opt/certbot-auto --renew-hook /opt/certbot-renew renew --quiet --no-self-upgrade

Related

RHEL5 - Bind doesn't return IPv6 records
Is there a method of viewing/exporting the current running config of Apache as a single file?
postfix relay based on origin
HP DL380e Linux not seeing drive array for installation
NAT gateway for ec2 instances
3rd party SSD drives in HP Proliant server - monitoring drive health
No-ip works for non-internal clients, pinging works internally
What are the differences between consumer grade SSDs and the much more expensive enterprise SSDs?
Issues with using real domain for Active Directory domain?
Nagios check whether at least one out of two services is OK
PCI Compliance: install Apache 2.4.17 on Ubuntu 14.04.3?
Permanently add a directory to PYTHONPATH?