Scriptable

Outils pour utilisateurs

Outils du site

Piste : hot_resize_scsi_lun_from_synology renew_certificat_from_letsencrypt
renew_certificat_from_letsencrypt

Ceci est une ancienne révision du document !

Change certificate of no standard port

generate a new one and copy (with root user) 

certbot -d mail.domain.tld --force-renewal --preferred-chain "ISRG Root X1" --manual --preferred-challenges dns certonly
cp /etc/letsencrypt/live/domain.tld/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/domain.tld/chain.pem

copy to tmp 

/etc/letsencrypt/live/domain.tld/chain.pem /tmp
/etc/letsencrypt/live/domain.tld/cert.pem /tmp

Verify cert 

/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/cert.pem /tmp/chain.pem

Deploy cert 

/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/cert.pem /tmp/chain.pem

Restart zimbra 

zmcontrol restart

Renew certificate with OVH API

Introduction

You need to install certbot with OVH API support described to point 1 and 2 of https://buzut.net/certbot-challenge-dns-ovh-wildcard/ For automatic renewal, you can add to crontab the script bellow

<bash> #!/bin/bash DOMAIN='mydomain.tld' CERTBOT_OUT=“” TMP_CERTBOT=“/tmp/certbot.txt”

touch $TMP_CERTBOT

/usr/local/bin/certbot –preferred-chain “ISRG Root X1” certonly –dns-ovh –dns-ovh-credentials /root/.ovhapi –non-interactive –agree-tos –email postmaster@$DOMAIN -d mail.$DOMAIN > /tmp/certbot.txt

#check id renewal is needed CERTBOT_OUT=`cat $TMP_CERTBOT | grep “Certificate not yet due for renewal; no action taken.”`

if [ -z “$CERTBOT_OUT” ] then 

cp /etc/letsencrypt/live/mail.$DOMAIN/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mail.$DOMAIN/chain.pem
cp /etc/letsencrypt/live/mail.$DOMAIN/chain.pem /tmp
cp /etc/letsencrypt/live/mail.$DOMAIN/cert.pem /tmp
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/cert.pem /tmp/chain.pem"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/cert.pem /tmp/chain.pem"
rm /tmp/chain.pem
rm /tmp/cert.pem
su - zimbra -c "zmcontrol restart"

else 

echo $CERTBOT_OUT

fi

rm $TMP_CERTBOT </bash>

renew_certificat_from_letsencrypt.1666656140.txt.gz · Dernière modification : 2022/10/25 02:02 de inc002