Virtual Architects Support Wiki

User Tools

Site Tools

You are here: start » internet » mail » zimbra » zimbra_ssl_letsencrypt
Trace:
internet:mail:zimbra:zimbra_ssl_letsencrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
internet:mail:zimbra:zimbra_ssl_letsencrypt [2022/09/16 11:45]
gcooper 		internet:mail:zimbra:zimbra_ssl_letsencrypt [2024/03/02 09:25] (current)
gcooper
Line 11: Line 11:
 <note tip>Be sure to include all Subject Alternative Hostnames (SANs) that you need on the certificate.</note> <note tip>Be sure to include all Subject Alternative Hostnames (SANs) that you need on the certificate.</note>
  
-<note warning>The single-server portion of the howto is fantastic.  However, it only works for the actual hostname and doesn't include any SANs (alternate hostnames) you might need.</note>+<note warning>The single-server (top) portion of the howto is fantastic.  However, it only works for the actual hostname and doesn't include any SANs (alternate hostnames) you might need.</note>
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
Line 22: Line 22:
  
 If a certificate renewal fails, try reissuing a new cert instead. If a certificate renewal fails, try reissuing a new cert instead.
 +
 +If you get an error "pkcs12: Unrecognized flag propquery", see: https://community.zextras.com/forum/postid/7321/
  
 ===== Modifications ===== ===== Modifications =====
Line 28: Line 30:
  
 <note tip>Adjust script to **only run if certificate is updated**...</note> <note tip>Adjust script to **only run if certificate is updated**...</note>
 +
 +==== Renewal ====
  
 <file> <file>
 #!/bin/bash #!/bin/bash
 +#
 +# /etc/cron.daily/letsencrypt-zimbra
 # #
 # Modification for SAN certificate with multiple hostnames # Modification for SAN certificate with multiple hostnames
Line 51: Line 57:
 chown zimbra:zimbra /etc/letsencrypt -R chown zimbra:zimbra /etc/letsencrypt -R
 cd /tmp cd /tmp
-su zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm "/etc/letsencrypt/live/zimbra3.virtualarchitects.com/cert.pem" "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"'+ 
 +su zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm "/etc/letsencrypt/live/zimbra.yourdomain.tld/cert.pem" "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"' 
 + 
 +# Restart Zimbra after deploying cert 
 +su zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm "/etc/letsencrypt/live/zimbra.yourdomain.tld/cert.pem" "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"' && su zimbra -c '/opt/zimbra/bin/zmcontrol restart' 
 rm -f "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem" rm -f "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"
 </file> </file>
internet/mail/zimbra/zimbra_ssl_letsencrypt.1663350305.txt.gz · Last modified: 2022/09/16 11:45 by gcooper

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki