Another Letsencrypt method

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
User avatar
Outstanding Member
Outstanding Member
Posts: 336
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: Release 8.7.11_GA_1854.RHEL6_64.P7

Re: Another Letsencrypt method

Postby JDunphy » Sun Nov 04, 2018 1:55 pm

I was able to test this a little more and while the script works perfectly for installation it fails to reload the ldap certificate and gives a false sense that everything worked perfectly. As a result - some point in the future that running ldap process will have an expired certificate. That causes a lot of side effects with stop/restarts/status etc. If you restart zimbra or reboot your hosts before the expiration then one might not notice this because the updated cert would have been reloaded. I have updated the wiki to reflect this code change. Too bad because restarting/reloading did shave a little time off the outage to update the certificate.

Note: Given how badly an expired ldap certificate behaves in this failure mode, I am going with the full restart vs finessing the addition of an ldap restart/reload to those other 3 restart/reloads myself.

Return to “Administrators”

Who is online

Users browsing this forum: Google [Bot] and 18 guests