What is your working directory? i.e. pwd? This is how I use it.
Code:
su - zimbra
cd /opt/letsencrypt
./deploy-zimbra-letsencrypt.sh
there is an error: '/bin/cp: cannot create directory './.acme.sh': Permission denied
My guess is you have .acme.sh owned by root in /opt/letsencrypt
Code:
cd /opt/letsencrypt
% ls -al
total 28
drwxr-xr-x 3 zimbra root 4096 Apr 2 18:15 .
drwxr-xr-x 6 root root 4096 Feb 17 18:40 ..
drwxr-x--- 7 zimbra zimbra 4096 Apr 2 18:06 .acme.sh
-rwxr-x--- 1 zimbra zimbra 5260 Feb 17 18:43 deploy-zimbra-letsencrypt.sh
Code:
chown -R zimbra /opt/letsencrypt
Code:
/bin/cp -rf $user/.acme.sh .
if [ $? == 1 ]; then
say "Check permissions: CERT cp failed for $user/.acme.sh"
fi
Code:
root@zmail:/opt# pwd
/opt
Code:
root@zmail:~# cd /opt/letsencrypt
root@zmail:/opt/letsencrypt# ls -al
total 40
drwxr-x--- 5 zimbra zimbra 4096 Apr 26 18:18 .
drwxr-xr-x 5 root root 4096 Apr 26 16:34 ..
drwxr-xr-x 8 zimbra zimbra 4096 Apr 26 18:18 .acme.sh
-rwxr-x--x 1 zimbra zimbra 5308 Apr 26 18:13 deploy-zimbra-letsencrypt.sh
drwxr-x--- 8 zimbra zimbra 4096 Apr 26 16:33 .git
-rwxr-xr-x 1 zimbra zimbra 23 Apr 26 16:50 hello.sh
-rw-r----- 1 zimbra zimbra 6259 Apr 26 16:33 README.MD
drwxr-x--- 3 zimbra zimbra 4096 Apr 26 16:33 Recipies
Code:
su - zimbra
cd /opt/letsencrypt
./deploy-zimbra-letsencrypt.sh
Code:
/opt/letsencrypt/deploy-zimbra-letsencrypt.sh
Code:
su - zimbra
cd /opt/letsencrypt
/bin/cp -rf $user/.acme.sh .
Code:
su - zimbra
find /home/rick/.acme.sh ! -readable
and
find /opt/letsencrypt ! -writable
Code:
zmail.watermarkpromo.com uses an invalid security certificate. The certificate is only valid for zmail.myriad.ca Error code: SSL_ERROR_BAD_CERT_DOMAIN
Now I just have to put all this together so that I can automate it through various cron jobs. One last question (I promise), if I have multiple domains on the same server do I need multiple 'deploy' scripts for each domain?
I missed your posting where you appear to have it working and were asking for multiple domain names. You do the multiple domains like this:
Code:
acme.sh --issue --standalone -d domain1 -d domain2 -d domain3 ...
or
acme.sh --issue --dns -d mail.example.com -d mail.example.net -d ...
or
...
Code:
#Step 0 - verify if its time
/opt/zimbra/bin/zmcertmgr checkcrtexpiration -days $min > /dev/null
if [ $? == 0 ]; then
say "not time yet to renew"
exit 0
fi
Code:
** Verifying 'zmail.watermarkpromo.com.cer' against 'zmail.watermarkpromo.com.key'
ERROR: Can't read file 'zmail.watermarkpromo.com.cer'
cert did not verify
Code:
root@zmail:/home/rick/.acme.sh# ls
account.conf acme.sh.env deploy http.header zmail.stephenleacock.ca
acme.sh ca dnsapi zmail.myriad.ca zmail.watermarkpromo.com
myriad wrote: Plus, reading your how-to, I think I have too many domain directories in my .acme.sh file:
Code:
root@zmail:/home/rick/.acme.sh# ls
account.conf acme.sh.env deploy http.header zmail.stephenleacock.ca
acme.sh ca dnsapi zmail.myriad.ca zmail.watermarkpromo.com
Shouldn't all the certs be in the one FQDN folder (zmail.myriad.ca)?
Interesting.
Code:
acme.sh --issue --dns -d zmail.myriad.ca -d zmail.stephenleacock.ca -d mail.watermarkpromo.com -d mail.example.com -d ...
Code:
cd /opt/letsencrypt/.acme.sh/$domain/
cp $domain.key /opt/zimbra/ssl/zimbra/commercial/commercial.key
Code:
acme.sh --issue --dns -d zmail.stephenleacock.ca -d stephenleacock.ca
acme.sh --issue --dns -d zmail.myriad.ca -d myriad.ca
acme.sh --issue --dns -d mail.watermarkpromo.com -d watermarkpromo.com -d ...
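For the SSL_ERROR_BAD_CERT_DOMAIN report in this thread, a check of which hostnames a certificate's subjectAltName list actually covers. This is an added example, not code from the thread or from deploy-zimbra-letsencrypt.sh; the function names and the sample SAN text are constructed for illustration, and it assumes a leaf certificate whose only DNS: entries are its SANs.

```shell
#!/bin/sh
# Added example. Constructed samples: SAN section as printed by
# `openssl x509 -noout -text` for a one-name and a multi-name certificate.
SAMPLE_SINGLE='X509v3 Subject Alternative Name:
    DNS:zmail.myriad.ca'
SAMPLE_MULTI='X509v3 Subject Alternative Name:
    DNS:zmail.myriad.ca, DNS:zmail.stephenleacock.ca, DNS:zmail.watermarkpromo.com'

# san_names: openssl text on stdin -> one lower-cased DNS name per line.
san_names() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' |
        tr '[:upper:]' '[:lower:]'
}

# name_matches HOST SAN: exact match, or a "*." SAN covering exactly one
# left-most label (so *.example.com does not cover a.b.example.com).
name_matches() {
    case "$2" in
        "$1") return 0 ;;
        '*.'*) nm_rest=${1#*.}
               [ "$nm_rest" != "$1" ] && [ "*.$nm_rest" = "$2" ] ;;
        *) return 1 ;;
    esac
}

# uncovered_hosts HOST...: SAN text on stdin; prints every HOST that no SAN
# entry covers and returns 0 only when all of them are covered.
uncovered_hosts() {
    uh_sans=$(san_names)
    uh_missing=0
    for uh_host in "$@"; do
        uh_h=$(printf '%s' "$uh_host" | tr '[:upper:]' '[:lower:]')
        uh_found=0
        while IFS= read -r uh_san; do
            if name_matches "$uh_h" "$uh_san"; then uh_found=1; break; fi
        done <<EOF
$uh_sans
EOF
        if [ "$uh_found" -eq 0 ]; then printf '%s\n' "$uh_host"; uh_missing=1; fi
    done
    return "$uh_missing"
}

# Demo on the single-name sample: prints zmail.watermarkpromo.com, the name
# the browser rejected. On a real host, pipe in the certificate instead:
#   openssl x509 -in "$domain.cer" -noout -text | uncovered_hosts name1 name2
printf '%s\n' "$SAMPLE_SINGLE" |
    uncovered_hosts zmail.myriad.ca zmail.watermarkpromo.com || true
```

Run before copying a renewed certificate into Zimbra, a non-zero exit means at least one served hostname would fail browser validation.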