renew_certificat_from_letsencrypt
Ceci est une ancienne révision du document !
Change certificate of no standard port
generate a new one and copy (with root user)
certbot -d mail.domain.tld --force-renewal --preferred-chain "ISRG Root X1" --manual --preferred-challenges dns certonly cp /etc/letsencrypt/live/domain.tld/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/domain.tld/chain.pem
copy to tmp
/etc/letsencrypt/live/domain.tld/chain.pem /tmp /etc/letsencrypt/live/domain.tld/cert.pem /tmp
Verify cert
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/cert.pem /tmp/chain.pem
Deploy cert
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/cert.pem /tmp/chain.pem
Restart zimbra
zmcontrol restart
renew_certificat_from_letsencrypt.1636657035.txt.gz · Dernière modification : 2021/11/11 19:57 de inc002