Differences

This shows you the differences between two versions of the page.

--- internet:mail:zimbra:zimbra_ssl_letsencrypt [2022/09/06 12:31]
127.0.0.1 external edit
+++ internet:mail:zimbra:zimbra_ssl_letsencrypt [2024/03/02 09:25] (current)
gcooper
@@ Line 11: / Line 11: @@
 <note tip>Be sure to include all Subject Alternative Hostnames (SANs) that you need on the certificate.</note>
-<note warning>The single-server portion of the howto is fantastic.  However, it only works for the actual hostname and doesn't include any SANs (alternate hostnames) you might need.</note>
+<note warning>The single-server (top) portion of the howto is fantastic.  However, it only works for the actual hostname and doesn't include any SANs (alternate hostnames) you might need.</note>
 ===== Troubleshooting =====
@@ Line 23: / Line 23: @@
 If a certificate renewal fails, try reissuing a new cert instead.
-===== Modifications =====
+If you get an error "pkcs12: Unrecognized flag propquery", see: https://community.zextras.com/forum/postid/7321/
-<note tip>**Suppress daily cron e-mail message**...</note>
+===== Modifications =====
 <note tip>You **can** modify the script to support **additional SANs**...</note>
 <note tip>Adjust script to **only run if certificate is updated**...</note>
+==== Renewal ====
 <file>
 #!/bin/bash
 #
-# Modification to suppress e-mailed cron job notifications every day
+# /etc/cron.daily/letsencrypt-zimbra
-MAILTO=""
 #
 # Modification for SAN certificate with multiple hostnames
 # This may/will need to be adjusted for hostnames and possibly cert name
 # If you followed the howto above using just the actual hostname, it will look like this
+#
 /usr/local/sbin/certbot certonly --cert-name zimbra2.yourdomain.tld -d zimbra2.yourdomain.tld -d zimbra.yourdomain.tld --standalone --manual-public-ip-logging-ok -n --preferred-chain  "ISRG Root X1" --agree-tos --register-unsafely-without-email
 #
@@ Line 55: / Line 57: @@
 chown zimbra:zimbra /etc/letsencrypt -R
 cd /tmp
-su zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm "/etc/letsencrypt/live/zimbra3.virtualarchitects.com/cert.pem" "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"'
+su zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm "/etc/letsencrypt/live/zimbra.yourdomain.tld/cert.pem" "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"'
+# Restart Zimbra after deploying cert
+su zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm "/etc/letsencrypt/live/zimbra.yourdomain.tld/cert.pem" "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"' && su zimbra -c '/opt/zimbra/bin/zmcontrol restart'
 rm -f "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"
 </file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools