renew_certificat_from_letsencrypt
Différences
Ci-dessous, les différences entre deux révisions de la page.
Prochaine révision | Révision précédente | ||
renew_certificat_from_letsencrypt [2021/11/11 19:57] – créée inc002 | renew_certificat_from_letsencrypt [2022/10/25 02:11] (Version actuelle) – inc002 | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
- | === Change certificate of no standard port == | + | ==== Change certificate of no standard port ==== |
generate a new one and copy (with root user) | generate a new one and copy (with root user) | ||
Ligne 25: | Ligne 25: | ||
zmcontrol restart | zmcontrol restart | ||
+ | | ||
+ | ==== Renew certificate with OVH API ==== | ||
+ | |||
+ | === Introduction === | ||
+ | |||
+ | You need to install certbot with OVH API support described to point 1 and 2 of https:// | ||
+ | For automatic renewal, you can add to crontab the script bellow. Don't forget to change the $DOMAIN variable and adjust the certbot line if your mail server | ||
+ | |||
+ | <code bash | renewLECertZimbra.sh> | ||
+ | #!/bin/bash | ||
+ | DOMAIN=' | ||
+ | HOST=' | ||
+ | MAIL_USER=' | ||
+ | CERTBOT_OUT="" | ||
+ | TMP_CERTBOT="/ | ||
+ | |||
+ | touch $TMP_CERTBOT | ||
+ | |||
+ | / | ||
+ | |||
+ | #check if renewal is needed | ||
+ | CERTBOT_OUT=`cat $TMP_CERTBOT | grep " | ||
+ | |||
+ | if [ -z " | ||
+ | then | ||
+ | #copy the new cert to zimbra | ||
+ | cp / | ||
+ | #ajust ownership | ||
+ | chown zimbra: | ||
+ | #download LE chain certificate | ||
+ | wget -O / | ||
+ | cat / | ||
+ | #Temp copy of cert and chain for zimbra integration (removed from /tmp after integration) | ||
+ | cp / | ||
+ | cp / | ||
+ | # verify and deploy the cert on zimbra | ||
+ | su - zimbra -c "/ | ||
+ | su - zimbra -c "/ | ||
+ | #remove cert copy to tmp | ||
+ | rm / | ||
+ | rm / | ||
+ | #restart zimbra | ||
+ | su - zimbra -c " | ||
+ | else | ||
+ | echo $CERTBOT_OUT | ||
+ | fi | ||
+ | |||
+ | rm $TMP_CERTBOT | ||
+ | </ |
renew_certificat_from_letsencrypt.1636657035.txt.gz · Dernière modification : 2021/11/11 19:57 de inc002