Search found 494 matches

by JDunphy
Wed Apr 26, 2017 7:22 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 111
Views: 160735

Re: Another Letsencrypt method

Looks like the acme.sh DNS method wants you to re-verify. My new script that is in github is decoupled from the certificate process...meaning you run acme.sh until you get your certs. There are a few ways to run the acme.sh script without taking down zimbra while you learn and/or verify you got your...
by JDunphy
Mon Apr 10, 2017 2:58 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 111
Views: 160735

Re: Another Letsencrypt method

Thought I would mention the CAA record for DNS. Because I run centos 6, I am using the type257 method because my bind version doesn't support the CAA type. ; CAA record for letsencrypt example.net. IN TYPE257 \# 22 000569737375656C657473656E63727970742E6F7267 So in theory, browsers won't accept a ce...
by JDunphy
Sat Feb 18, 2017 4:19 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 111
Views: 160735

Re: Another Letsencrypt method

Here is another gotcha waiting for people. It isn't a letsencrypt problem as zmcontrol restart issue which you will see because you are probably restarting more frequently that others because of CERT renewals. I have a machine that has gone through about 25 of these automatic cycles until last night...
by JDunphy
Wed Feb 08, 2017 11:54 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 111
Views: 160735

Re: Another Letsencrypt method

Would this do? I was documenting and reworking the script I use yesterday... It's here: https://github.com/JimDunphy/deploy-zimbra-letsencrypt.sh ... I will double check that renew-hook option to acme.sh tomorrow. I decoupled the acme.sh stuff from my script. That way I can verify different configur...
by JDunphy
Fri Feb 03, 2017 6:08 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 111
Views: 160735

Re: Another Letsencrypt method

Interesting Question. acme.sh --install does add via cron an entry to automate this and update the cert every 60 days unless you force it. I commented out the cron entry because I copy the .acme.sh directory to the production machines and then ran my script against it. But when I was testing my proc...
by JDunphy
Sun Jan 29, 2017 5:44 pm
Forum: Administrators
Topic: [Zimbra Open Source] Cannot get Proxy and Memcached working on v8.6
Replies: 11
Views: 4968

Re: [Zimbra Open Source] Cannot get Proxy and Memcached working on v8.6

Wild guess here. netstat -tnpl | grep memcached shows tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 989/memcached tcp6 0 0 :::11211 :::* LISTEN 989/memcached I see both ipv4 and ipv6 on one of those netstat's ... This thread might help http://forums.zimbra.org/viewtopic.php?f=15&t=61041&hilit=cento...
by JDunphy
Sat Jan 28, 2017 5:21 pm
Forum: Installation and Upgrade
Topic: Findings: Upgrade 8.0.7 to 8.7.n (Centos 6.5)
Replies: 16
Views: 7617

Re: Findings: Upgrade 8.0.7 to 8.7.n (Centos 6.5)

I noticed that you had to disable secure connections for ldap which I assume was for your SSL/CERTS??? I think you said you did this to get something working so you could move on. zmlocalconfig -e ldap_starttls_supported=0 zmlocalconfig -e ldap_starttls_required=false zmcontrol restart If ldap is no...
by JDunphy
Sat Jan 28, 2017 12:17 am
Forum: Administrators
Topic: Simple program to report successful/fail ip logins and sorted by count
Replies: 29
Views: 6837

Simple program to report successful/fail ip logins and sorted by count

In case anyone wants to track ip's with user login and the counts by ip. I use it to look for compromised accounts or ones that will be soon. ;-) It resulted from an active dictionary attack on one of our 8.7.1 servers so this quick/dirty script to see what was happening. Run the program without any...
by JDunphy
Fri Jan 27, 2017 11:27 pm
Forum: Administrators
Topic: Install New SSL Certificate
Replies: 2
Views: 748

Re: Install New SSL Certificate

A few guesses but I haven't experienced that message myself so keep that in mind. When I have received a verify error it is generally because the fullchain is incomplete ... but because you also have hostname listed in that error with ssh(22), I am wondering how you are invoking it. I tend to run it...
by JDunphy
Fri Jan 27, 2017 10:42 pm
Forum: Installation and Upgrade
Topic: Findings: Upgrade 8.0.7 to 8.7.n (Centos 6.5)
Replies: 16
Views: 7617

Re: Findings: Upgrade 8.0.7 to 8.7.n (Centos 6.5)

I am in the process of upgrading and am at the last stage of the installation. (Migrating mboxgroupXX) You will see that I have had to get over a couple of hurdles, but your input will be valuable for anyone stuck with the dilemma of having to upgrade. Oh my. I just read through some of the things ...

Go to advanced search