certbot-zimbra v0.2

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
maxxer
Advanced member
Advanced member
Posts: 137
Joined: Fri Oct 04, 2013 2:12 am
Contact:

certbot-zimbra v0.2

Postby maxxer » Sun Sep 10, 2017 8:30 am

Hi
An update for the users of this script: I've partially rewritten it so that now it patches nginx's template file instead of production ones. It should now better behave in different conditions.
I've also embedded the patches inside the script, so there's less crap around to handle.

If you're using it testing is welcome.

Thanks
https://github.com/YetOpen/certbot-zimbra


User avatar
jorgedlcruz
Zimbra Alumni
Zimbra Alumni
Posts: 2769
Joined: Thu May 22, 2014 4:47 pm

Re: certbot-zimbra v0.2

Postby jorgedlcruz » Sun Sep 10, 2017 10:14 am

I've sticky-ed it for couple of weeks.
Jorge de la Cruz https://jorgedelacruz.es
Technical Marketing Manager at Zimbra/Synacor https://www.zimbra.com/
liverpoolfcfan
Outstanding Member
Outstanding Member
Posts: 916
Joined: Sat Sep 13, 2014 12:47 am

Re: certbot-zimbra v0.2

Postby liverpoolfcfan » Fri Feb 01, 2019 5:59 pm

Hi Maxxer,

I have used the beta4 version of the script, and it works great to get and deploy a new certificate. All I needed to do was temporarily open port 80 on the firewall.

However, if I run the command

Code: Select all

/path-to/certbot-zimbra-0.4.0-beta/certbot_zimbra.sh -n

a second time, I get a menu - presumably from Let's Encrypt certbot that states

Code: Select all

Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/my.domain.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):


If I answer 1 to keep the existing certificate the script goes ahead and redeploys the certificate again - restarting zimbra in the process.

Questions
(a) is there a flag I can pass to the script so that it will not prompt with that menu (and will assume answer 1)?
(b) if there a flag I can pass to the script that will tell it to skip redeploying the script if it wasn't renewed?

Thanks
User avatar
maxxer
Advanced member
Advanced member
Posts: 137
Joined: Fri Oct 04, 2013 2:12 am
Contact:

Re: certbot-zimbra v0.2

Postby maxxer » Fri Feb 01, 2019 6:14 pm

Why are you running -n again? That should be executed just the first time for the request.

When the certificate has been renewed you should call the script with -r, which deploys the renewed cert. See the cron configuration in the readme.
liverpoolfcfan
Outstanding Member
Outstanding Member
Posts: 916
Joined: Sat Sep 13, 2014 12:47 am

Re: certbot-zimbra v0.2

Postby liverpoolfcfan » Wed Aug 21, 2019 10:43 am

Works great. Have auto-renewed twice now. Thank you.
onzyg
Posts: 3
Joined: Fri Aug 02, 2019 1:52 pm
Contact:

Re: certbot-zimbra v0.2

Postby onzyg » Mon Sep 09, 2019 7:54 pm

Thanks was able to install it and I followed the section "Renewal using crontab" to auto renew.

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 19 guests