I am just reading through the mailcow documentation and understood that I can configure an external nginx as reverse proxy to point to mailcow and keep the letsencrypt certificate handling in mailcow active.
From what I understood out of the reference configuration I would just point my external nginx (reverse proxy) to the mailcow certificates. I also understood that I need to restart my external nginx when mailcow updates certificates.
The documentation says, just restart nginx once a day. I am now wondering if once a day is sufficient. So I have the following questions:
- When does mailcow try to renew the certificates? A day before they get invalid, or a week before,…?
- Do the old certificates stay active after renewel ? I mean if I restart my reverse proxy all 24 hours the reverse proxy would still try to use the old certificates for up to 24 hours after renewel . Is this a problem?
Thanks for your help!