Thought I would mention the CAA record for DNS. Because I run centos 6, I am using the type257 method because my bind version doesn't support the CAA type. ; CAA record for letsencrypt example.net. IN TYPE257 \# 22 000569737375656C657473656E63727970742E6F7267 So in theory, browsers won't accept a ce...

Here is another gotcha waiting for people. It isn't a letsencrypt problem as zmcontrol restart issue which you will see because you are probably restarting more frequently that others because of CERT renewals. I have a machine that has gone through about 25 of these automatic cycles until last night...

Would this do? I was documenting and reworking the script I use yesterday... It's here: https://github.com/JimDunphy/deploy-zimbra-letsencrypt.sh ... I will double check that renew-hook option to acme.sh tomorrow. I decoupled the acme.sh stuff from my script. That way I can verify different configur...

Interesting Question. acme.sh --install does add via cron an entry to automate this and update the cert every 60 days unless you force it. I commented out the cron entry because I copy the .acme.sh directory to the production machines and then ran my script against it. But when I was testing my proc...

Wild guess here. netstat -tnpl | grep memcached shows tcp 0 0 0.0.0.0:11211 0.0.0.0:* LISTEN 989/memcached tcp6 0 0 :::11211 :::* LISTEN 989/memcached I see both ipv4 and ipv6 on one of those netstat's ... This thread might help http://forums.zimbra.org/viewtopic.php?f=15&t=61041&hilit=cento...

I noticed that you had to disable secure connections for ldap which I assume was for your SSL/CERTS??? I think you said you did this to get something working so you could move on. zmlocalconfig -e ldap_starttls_supported=0 zmlocalconfig -e ldap_starttls_required=false zmcontrol restart If ldap is no...

In case anyone wants to track ip's with user login and the counts by ip. I use it to look for compromised accounts or ones that will be soon. ;-) It resulted from an active dictionary attack on one of our 8.7.1 servers so this quick/dirty script to see what was happening. Run the program without any...

A few guesses but I haven't experienced that message myself so keep that in mind. When I have received a verify error it is generally because the fullchain is incomplete ... but because you also have hostname listed in that error with ssh(22), I am wondering how you are invoking it. I tend to run it...

I am in the process of upgrading and am at the last stage of the installation. (Migrating mboxgroupXX) You will see that I have had to get over a couple of hurdles, but your input will be valuable for anyone stuck with the dilemma of having to upgrade. Oh my. I just read through some of the things ...

I am going to share a method from my personal blog on my centos 6+ and any zimbra upgrade process. I have done a variation of this since zimbra verson 6 if memory serves. It's intentionally simple (not too automated) with only a few commands. The technique also provides me with a method should we ha...