Renewing SSL Certificates like a boss (aka validating you didn't screw up (or, you did))

Probably not the first time I've done it - renewing my Let's Encrypt SSL certs without then actually bouncing daemons to load the new certs.

Some tips for validating that your cert is actually working:

Firstly, show cert details:

blakjak@raven:~$ openssl s_client -connect localhost:25 -starttls smtp

Look for (in my case) something like:

subject=/CN=blakjak.net
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---

And then there's IMAP and POP. The commands below will quickly show the validity dates of the cert the daemon is actually serving:

blakjak@raven:~$ openssl s_client -connect localhost:993 2>/dev/null | openssl x509 -noout -dates
notBefore=May 17 07:45:00 2017 GMT
notAfter=Aug 15 07:45:00 2017 GMT
blakjak@raven:~$ openssl s_client -connect localhost:995 2>/dev/null | openssl x509 -noout -dates
notBefore=May 17 07:45:00 2017 GMT
notAfter=Aug 15 07:45:00 2017 GMT
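
The date check above taken one step further, as an added example that is not part of the original post: this script compares the SHA-256 fingerprint of the certificate each daemon serves with the renewed file on disk, so a daemon that was never restarted shows up as STALE. The ports follow the post; the function names and the certificate path in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example: is each daemon serving the certificate that is on disk?
# Ports follow the post: 25 (SMTP with STARTTLS), 993 (IMAPS), 995 (POP3S).

# SHA-256 fingerprint of the first PEM certificate read from stdin.
fp() { openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2; }

# Fingerprint of the leaf certificate served on HOST:PORT.
# $3 is an optional STARTTLS protocol name (smtp, imap, pop3).
served_fp() {
    # </dev/null closes stdin so s_client exits once the handshake is done.
    openssl s_client -connect "$1:$2" ${3:+-starttls "$3"} </dev/null 2>/dev/null | fp
}

# usage: check_service CERT_FILE HOST PORT [STARTTLS]
# Returns 0 on match, 1 if an old certificate is served, 2 if undetermined.
check_service() {
    want=$(fp <"$1") || want=""
    got=$(served_fp "$2" "$3" "${4:-}") || got=""
    if [ -z "$want" ]; then
        echo "ERROR   cannot read a certificate from $1"; return 2
    elif [ -z "$got" ]; then
        echo "UNKNOWN $2:$3 no certificate received"; return 2
    elif [ "$got" = "$want" ]; then
        echo "OK      $2:$3 serving the certificate on disk"; return 0
    else
        echo "STALE   $2:$3 still serving an old certificate, restart the daemon"
        return 1
    fi
}

# usage: check_all CERT_FILE [HOST]   (HOST defaults to localhost)
check_all() {
    rc=0
    check_service "$1" "${2:-localhost}" 25 smtp || rc=1
    check_service "$1" "${2:-localhost}" 993 || rc=1
    check_service "$1" "${2:-localhost}" 995 || rc=1
    return $rc
}

# Runs only when a certificate path is given (the path here is a placeholder):
#   sh check-certs.sh /path/to/renewed/cert.pem
if [ "$#" -ge 1 ]; then check_all "$@"; fi
```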