This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
internet:security:ssl_cert_letsencrypt_zimbra [2022/09/06 12:31] gcooper |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Using LetsEncrypt SSL Certificates with Zimbra ====== | ||
- | See also **[[internet: | ||
- | |||
- | **Howto**: https:// | ||
- | |||
- | <note warning> | ||
- | Your Zimbra will be restarted during this process, taking users offline! | ||
- | </ | ||
- | |||
- | <note tip>Be sure to include all Subject Alternative Hostnames (SANs) that you need on the certificate.</ | ||
- | |||
- | <note warning> | ||
- | |||
- | ===== Troubleshooting ===== | ||
- | |||
- | Certbot logs to ''/ | ||
- | |||
- | If you have trouble reissuing a new cert, or **if Zimbra won't start**, recreate and deploy a new self-signed cert to get Zimbra ' | ||
- | |||
- | If a cert is expired, you must reissue a new cert. | ||
- | |||
- | If a certificate renewal fails, try reissuing a new cert instead. | ||
- | |||
- | ===== Modifications ===== | ||
- | |||
- | <note tip> | ||
- | |||
- | <note tip>You **can** modify the script to support **additional SANs**...</ | ||
- | |||
- | <note tip> | ||
- | |||
- | < | ||
- | #!/bin/bash | ||
- | # | ||
- | # Modification to suppress e-mailed cron job notifications every day | ||
- | MAILTO="" | ||
- | # | ||
- | # Modification for SAN certificate with multiple hostnames | ||
- | # This may/will need to be adjusted for hostnames and possibly cert name | ||
- | # If you followed the howto above using just the actual hostname, it will look like this | ||
- | / | ||
- | # | ||
- | # Modification to test if cert was changed then exit script | ||
- | if grep "not yet due for renewal" | ||
- | exit 0 | ||
- | fi | ||
- | # | ||
- | cp "/ | ||
- | chown zimbra: | ||
- | wget -O / | ||
- | rm -f "/ | ||
- | cp "/ | ||
- | cat / | ||
- | chown zimbra: | ||
- | cd /tmp | ||
- | su zimbra -c '/ | ||
- | rm -f "/ | ||
- | </ |