Automatic Certbot Upgrade and Renewal Issue.

00a
Posts: 13
Joined: Sun Sep 22, 2019 12:29 pm

Post by 00a »

Hi,

I've been using the package at https://github.com/AJRepo/ZimbraCertDeploy to automatically update certbot SSL certificates. It works great, except that I have to log onto the Zimbra server after it's done to run a final "zmcontrol restart".

I'm looking at the logs and they all indicate that the renewal is fine, that the restart is fine, etc. But I still have to manually make one more restart command. I can't figure out why.

I've talked to the GitHub repo maintainer and they are stumped too. In the logs below you'll see a complete run:
1) Download cert and sleep until 3 am the next morning
2) Backups OK
3) Deploy OK
4) Restart OK

and then several checks to see if Zimbra is running (In function restart_zimbra_if_not_running----), which say that it is. But it's not.

Completely puzzled. If anyone can help diagnose I'd really appreciate it. It's not a massive issue since everything works except a successful automatic restart at the end, but I just want to eliminate that final manual login/restart step. I'm stumped. Last log below:

---BEGIN LAST NIGHTS LOG FILE---

Subject: Logfile: Letsencrypt Renewal of Zimbra Cert
From: <<ZimbraMailServer@REDACTED>
To: <postmaster@REDACTED>


Starting Logfile 50_ZimbraCertDeploy.sh
Date: Fri Jan 27 10:57:24 CST 2023
RESTART_DATE: Sat Jan 28 03:00:00 CST 2023
This file: /opt/zimbra/log/50_ZimbraCertDeploy.sh.1674838754.log
2023-01-27T10:59:14-06:00 [INFO] SECONDS_TIL_START: 57646
2023-01-28T03:00:00-06:00 [INFO] Make Backup Directory
2023-01-28T03:00:00-06:00 [INFO] Backup Old Cert
2023-01-28T03:00:00-06:00 [INFO] Copy New Cert
2023-01-28T03:00:00-06:00 [INFO] X1 Cert Chaining
2023-01-28T03:00:01-06:00 [INFO] Check Certs Prior to Deploy
2023-01-28T03:00:03-06:00 [INFO] Check Certs Prior to Deploy
2023-01-28T03:00:05-06:00 [INFO] About to run 'zmmailboxdctl stop'
2023-01-28T03:00:31-06:00 [INFO] About to backup Zimbra Certs
2023-01-28T03:00:31-06:00 [INFO] About to Deploy 'zmcertmgr deploycrt comm at Sat Jan 28 03:00:31 CST 2023'
2023-01-28T03:00:40-06:00 [INFO] 'certmgr deploycrt comm' command success
2023-01-28T03:00:40-06:00 [INFO] About to restart 'zmcontrol restart' at Sat Jan 28 03:00:40 CST 2023
2023-01-28T03:00:40-06:00 [INFO] In function restart_zimbra----
Host REDACTED
Stopping vmware-ha...Done.
Stopping zmconfigd...Done.
Stopping zimlet webapp...Done.
Stopping zimbraAdmin webapp...Done.
Stopping zimbra webapp...Done.
Stopping service webapp...Done.
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping opendkim...Done.
Stopping amavis...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping proxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping convertd...Done.
Stopping logger...Done.
Stopping dnscache...Done.
Stopping ldap...Done.
Host REDACTED
Starting ldap...Done.
Starting zmconfigd...Done.
Starting dnscache...Done.
Starting logger...Done.
Starting convertd...Done.
Starting mailbox...Done.
Starting memcached...Done.
Starting proxy...Done.
Starting amavis...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting opendkim...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
Starting service webapp...Done.
Starting zimbra webapp...Done.
Starting zimbraAdmin webapp...Done.
Starting zimlet webapp...Done.
2023-01-28T03:12:53-06:00 [INFO] 'zmcontrol restart' command success
2023-01-28T03:12:53-06:00 [INFO] Command Complete 'zmcontrol restart' at Sat Jan 28 03:12:53 CST 2023
2023-01-28T03:12:53-06:00 [INFO] About to restart proxy 'zmproxyctl reload' at Sat Jan 28 03:12:53 CST 2023
2023-01-28T03:12:57-06:00 [INFO] All done. About to send message of completion
2023-01-28T03:12:57-06:00 [INFO] About to restart 'zmcontrol restart'
2023-01-28T03:12:57-06:00 [INFO] In function restart_zimbra----
Host REDACTED
Stopping vmware-ha...Done.
Stopping zmconfigd...Done.
Stopping zimlet webapp...Done.
Stopping zimbraAdmin webapp...Done.
Stopping zimbra webapp...Done.
Stopping service webapp...Done.
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping opendkim...Done.
Stopping amavis...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping proxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping convertd...Done.
Stopping logger...Done.
Stopping dnscache...Done.
Stopping ldap...Done.
Host REDACTED
Starting ldap...Done.
Starting zmconfigd...Done.
Starting dnscache...Done.
Starting logger...Done.
Starting convertd...Done.
Starting mailbox...Done.
Starting memcached...Done.
Starting proxy...Done.
Starting amavis...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting opendkim...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.
Starting service webapp...Done.
Starting zimbra webapp...Done.
Starting zimbraAdmin webapp...Done.
Starting zimlet webapp...Done.
2023-01-28T03:25:32-06:00 [INFO] 'zmcontrol restart' command success
2023-01-28T03:25:32-06:00 [INFO] Command Complete 'zmcontrol restart'
In function restart_zimbra_if_not_running----
--
2023-01-28T03:25:47-06:00 [INFO] --About to test running 'zmcontrol status'
2023-01-28T03:25:58-06:00 [INFO] --All Zimbra services are running
In function restart_zimbra_if_not_running----
--
2023-01-28T03:30:58-06:00 [INFO] --About to test running 'zmcontrol status'
2023-01-28T03:31:07-06:00 [INFO] --All Zimbra services are running
---END LAST NIGHTS LOG FILE---
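
Added example (not part of the original post and not code from the ZimbraCertDeploy project): a small script that reads a log in the format quoted above and reports each full `zmcontrol restart` cycle with its duration, plus how many status checks reported all services running. The function names and the trimmed sample log are constructed here from the timestamped lines of that log; timestamps are assumed to fall on a single day.

```shell
#!/bin/sh
# Added example: summarise restart cycles in a ZimbraCertDeploy-style log.

# Constructed sample: timestamped lines taken from the log quoted above,
# with the per-service Stopping/Starting lines reduced to one pair each.
sample_log() {
cat <<'EOF'
2023-01-28T03:00:40-06:00 [INFO] About to restart 'zmcontrol restart' at Sat Jan 28 03:00:40 CST 2023
2023-01-28T03:00:40-06:00 [INFO] In function restart_zimbra----
Stopping ldap...Done.
Starting ldap...Done.
2023-01-28T03:12:53-06:00 [INFO] 'zmcontrol restart' command success
2023-01-28T03:12:57-06:00 [INFO] In function restart_zimbra----
Stopping ldap...Done.
Starting ldap...Done.
2023-01-28T03:25:32-06:00 [INFO] 'zmcontrol restart' command success
In function restart_zimbra_if_not_running----
2023-01-28T03:25:58-06:00 [INFO] --All Zimbra services are running
In function restart_zimbra_if_not_running----
2023-01-28T03:31:07-06:00 [INFO] --All Zimbra services are running
EOF
}

# Reads a log on stdin. Prints one line per completed restart cycle
# (function entry -> "command success"), then a totals line.
summarise_restarts() {
  awk '
    # "2023-01-28T03:00:40-06:00" -> seconds since midnight (same-day assumption)
    function secs(ts,   t) {
      split(substr(ts, 12, 8), t, ":")
      return t[1] * 3600 + t[2] * 60 + t[3]
    }
    # Matches restart_zimbra only, not restart_zimbra_if_not_running
    /In function restart_zimbra----/ { start = $1; in_restart = 1; next }
    /zmcontrol restart. command success/ && in_restart {
      n++
      printf "restart %d: %s -> %s (%d s)\n", n, substr(start, 12, 8), substr($1, 12, 8), secs($1) - secs(start)
      in_restart = 0
    }
    /All Zimbra services are running/ { ok++ }
    END { printf "restarts=%d status_ok=%d\n", n, ok }
  '
}

sample_log | summarise_restarts
```

To run it against a real log file, feed the file on stdin: `summarise_restarts < /path/to/logfile`.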
barrydegraaff
Zimbra Employee
Posts: 242
Joined: Tue Jun 17, 2014 3:31 am

Re: Automatic Certbot Upgrade and Renewal Issue.

Post by barrydegraaff »

Since you have to reboot your server every now and then to apply security updates to the operating system, I would just disable the parts of the renewal process that restart Zimbra and instead reboot the server.
--
Barry de Graaff
Email: barry.degraaff [at] synacor [dot] com
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/ and the
Zimlet Gallery https://gallery.zetalliance.org/extend/