From 31794008c937f4ceb0d704c19a27683b74834535 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 20 Dec 2022 20:23:23 +0100
Subject: [PATCH] certificate/postfix: propagate postfix SNI stuff when
 renewing certificates

---
 src/certificate.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/certificate.py b/src/certificate.py
index 7671cf93e..0fca3bf07 100644
--- a/src/certificate.py
+++ b/src/certificate.py
@@ -738,7 +738,7 @@ def _enable_certificate(domain, new_cert_folder):
 
     logger.debug("Restarting services...")
 
-    for service in ("postfix", "dovecot", "metronome"):
+    for service in ("dovecot", "metronome"):
         # Ugly trick to not restart metronome if it's not installed
         if (
             service == "metronome"
@@ -750,7 +750,8 @@ def _enable_certificate(domain, new_cert_folder):
     if os.path.isfile("/etc/yunohost/installed"):
         # regen nginx conf to be sure it integrates OCSP Stapling
         # (We don't do this yet if postinstall is not finished yet)
-        regen_conf(names=["nginx"])
+        # We also regenconf for postfix to propagate the SNI hash map thingy
+        regen_conf(names=["nginx", "postfix"])
 
     _run_service_command("reload", "nginx")