zimico wrote:
Dear JDunphy,
Could you please instruct how to renew cert automatically? Currently I put in cron 2 jobs:
Code:
For zimbra user:
5 1 * * * /opt/letsencrypt/deploy-zimbra-letsencrypt.sh
For user which I use to run acme.
@daily /home/administrator/.acme.sh/acme.sh --renew -d mail.zimilab.com
However, my cert is now expired and cannot renew automatically.
Many thanks.
Yea the problem is you need to do it in 59 days or less... acme.sh will not let you do that unless you use the --force option because it doesn't think it is time to renew given you have 90 days.
If you are using the dns method and it has expired, the process is two step but it would be manual if you are entering the TXT records by hand for verification so you can't automate that unless you use the DNS API or use one of the other verification methods. If you get to it before 60 days, the process is 1 step with the --renew. From what you typed, it probably is using the previous method you used to initially verify the domain so I am guessing DNS since you are using the zimbra user to do this and it has expired.
Summary:
Code:
acme.sh --issue --dns -d mail.zimilab.com -d zimilab.com -d othernames, etc
acme.sh --renew --dns -d mail.zimilab.com -d zimilab.com -d othernames, etc
If you have a DNS provider like cloudflare, godaddy, etc you can add the API key to your account.conf file in ~/.acme.sh directory. So you would have an entry like this for Cloudflare (i.e. CF stands for cloudflare):
Code:
echo 'SAVED_CF_Key="....."' >> ~/.acme.sh/account.conf
echo 'SAVED_CF_Email="user@domain.com"' >> ~/.acme.sh/account.conf
Then you could do this:
Code:
acme.sh --issue --dns dns_cf -d mail.zimilab.com -d zimilab.com -d othernames, etc
You can also use other methods for acme.sh if you don't want to do DNS... see the https://github.com/Neilpang/acme.sh. If you haven't updated in a while, do this:
Double check your permissions afterwards if you do this other than the zimbra user or deploy-zimbra-letsencrypt.sh won't have permissions to copy the files. Note: You might also investigate some of the other methods for verification with acme.sh from the github page if they are more convenient ... The deploy-zimbra-letsencrypt.sh won't care what method you use for verification provided you have a valid certificate.
HTH,
Jim
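
A cron-side check for the situation in this thread (a renewal job that stopped working without anyone noticing), as an added example that is not part of either post: it classifies a certificate as OK, DUE, EXPIRED or UNREADABLE using `openssl x509 -checkend`. The function names, the `OPENSSL` override and the 30-day window (the 90-day lifetime minus the 60-day renewal point mentioned above) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): renewal health check for cron.
# Assumed names: cert_state, renewal_advice, the OPENSSL override.
# Assumed window: 30 days = 90-day lifetime minus the 60-day renewal point.
OPENSSL="${OPENSSL:-openssl}"

# cert_state PEM [WINDOW_DAYS]
# Prints OK, DUE, EXPIRED or UNREADABLE and returns 0, 1, 2 or 3.
cert_state() {
    # A cert the calling user cannot read or parse (wrong owner or mode
    # after running acme.sh as another user) is not the same as expired.
    if [ ! -r "$1" ] || ! "$OPENSSL" x509 -noout -in "$1" >/dev/null 2>&1; then
        echo UNREADABLE; return 3
    fi
    # -checkend N exits non-zero when the cert expires within N seconds.
    if ! "$OPENSSL" x509 -checkend 0 -noout -in "$1" >/dev/null 2>&1; then
        echo EXPIRED; return 2
    fi
    if ! "$OPENSSL" x509 -checkend "$(( ${2:-30} * 86400 ))" -noout \
            -in "$1" >/dev/null 2>&1; then
        echo DUE; return 1
    fi
    echo OK
}

# renewal_advice STATE: next step, following the reply above.
renewal_advice() {
    case "$1" in
        OK)         echo "nothing to do; --renew skips until the window opens unless --force is given" ;;
        DUE)        echo "run acme.sh --renew, then deploy-zimbra-letsencrypt.sh" ;;
        EXPIRED)    echo "renewal was missed; follow the --issue then --renew steps" ;;
        UNREADABLE) echo "check ownership and permissions on the certificate file" ;;
        *)          echo "unknown state"; return 1 ;;
    esac
}

# Usage from cron: cert-check.sh /path/to/cert.pem [window_days]
# Silent when OK, so cron only sends mail when action is needed.
if [ "$#" -gt 0 ]; then
    state=$(cert_state "$@") || true
    [ "$state" = OK ] && exit 0
    echo "$1: $state: $(renewal_advice "$state")" >&2
    exit 1
fi
```

Run it as the same user that runs deploy-zimbra-letsencrypt.sh, so an UNREADABLE result reflects what the deploy step will actually see.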