Replies: 2 comments
-
At the moment, there is no way to force Mailrise to read the certificates again, so restarting the container periodically is indeed the simplest solution. If you pick an infrequent period such as once a week (plenty of time for Traefik to renew within its 30-day window before expiry), I can’t imagine you would be unlucky enough to kill the daemon while it is sending a notification. I would be happy to add a mechanism to trigger a certificate reload, but I can’t find any documentation or best practices on how this would be done with a Python ssl context. Few people need hot reloads, apparently. To avoid any permissions issues, match the Mailrise container’s uid and gid of 999:999.
-
Alright, thank you. Best Regards, P.S.: Thank you for always responding quickly, keep up the great work!
-
Hi,
I've set up Mailrise behind a Traefik Reverse Proxy with plain auth mode as suggested in the README to not have to deal with certificate renewals.
Unfortunately I now have to deal with an SMTP client that only supports explicit TLS (STARTTLS) or plain auth. So if I don't want to use plain auth, I only have the option to provide Mailrise with a certificate itself. My plan is to use traefik-cert-dumper to export the certificate from Traefik's store and feed it to Mailrise. My main concern here is how to get Mailrise to reload the certificate after renewal. Is it possible to trigger cert reload for Mailrise from the command line? I'd like to avoid having to restart the container periodically, especially if I don't really know when the certificate was renewed.
A minor concern is a permission mismatch with the certificates mounted into the Mailrise container.
Any suggestions on how to deal with this are welcome!
Best Regards,
Salvoxia
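Added example, not Mailrise's code and not written by either poster: one way to hot-reload a renewed certificate into a Python `ssl.SSLContext` without knowing when the renewal happened. It assumes the server keeps one long-lived context; `CertReloader`, `attach` and the polling approach are hypothetical names and choices made for this sketch.

```python
import hashlib
import ssl
from pathlib import Path
from typing import Callable, Optional


def _digest(*paths: Path) -> str:
    """SHA-256 over the given files, read in order."""
    h = hashlib.sha256()
    for p in paths:
        h.update(p.read_bytes())
    return h.hexdigest()


class CertReloader:
    """Call `load(cert, key)` whenever the cert/key files on disk change."""

    def __init__(self, cert: str, key: str, load: Callable[[str, str], None]) -> None:
        # `load` is injectable so the change detection can be tested without real PEMs.
        self.cert, self.key, self.load = Path(cert), Path(key), load
        self.current: Optional[str] = None  # digest of the pair last loaded

    def poll(self) -> bool:
        """Return True if a changed pair was loaded, False otherwise."""
        try:
            seen = _digest(self.cert, self.key)
        except OSError:
            return False  # files missing or the dumper is mid-write
        if seen == self.current:
            return False  # nothing renewed since the last successful load
        try:
            self.load(str(self.cert), str(self.key))
        except OSError:  # ssl.SSLError is a subclass: bad PEM or cert/key mismatch
            return False  # leave `current` unchanged so the next poll retries
        self.current = seen
        return True


def attach(context: ssl.SSLContext, cert: str, key: str) -> CertReloader:
    """Bind a reloader to a live server context (hypothetical wiring)."""
    def load(c: str, k: str) -> None:
        # Validate on a throwaway context first, so a half-written or
        # mismatched pair raises before the live context is modified.
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(c, k)
        context.load_cert_chain(c, k)
    return CertReloader(cert, key, load)
```

Call `poll()` from a timer or the event loop. Connections wrapped after a successful reload present the renewed chain, while sessions already established keep the one they negotiated.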