Understood. Your script looks good to me which is what I was recommending above. Might be a good idea to force a renewal sooner if possible and get to root cause. You can verify the certs deployed by looking at the dates of the copied files to know if a restart was not executed.myriad wrote:I think I've found the problem. I have a restartzimbra.sh script that runs after your deploy code but it was not running and that's why the certificate isn't updated.
Code: Select all
% ls -lt /opt/zimbra/conf/slapd.*
-rw-r----- 1 zimbra zimbra 7213 Aug 4 10:46 slapd.crt
-rw-r----- 1 zimbra zimbra 1679 Aug 4 10:46 slapd.key
% ls -lt /opt/zimbra/ssl/zimbra/commercial
-rw-r----- 1 zimbra zimbra 5030 Aug 4 10:46 commercial_ca.crt
-rw-r----- 1 zimbra zimbra 7213 Aug 4 10:46 commercial.crt
-rw-r----- 1 zimbra zimbra 1679 Aug 4 10:46 commercial.key
% ls -lt /opt/zimbra/conf/nginx.???
-rw-r----- 1 zimbra zimbra 7213 Aug 4 10:46 /opt/zimbra/conf/nginx.crt
-rw-r----- 1 zimbra zimbra 1679 Aug 4 10:46 /opt/zimbra/conf/nginx.key
% -l /opt/zimbra/conf/smtpd.???
-rw-r----- 1 zimbra zimbra 7213 Aug 4 10:46 /opt/zimbra/conf/smtpd.crt
-rw-r----- 1 zimbra zimbra 1679 Aug 4 10:46 /opt/zimbra/conf/smtpd.key
% ls -l /opt/zimbra/mailboxd/etc/keystore
-rw-r----- 1 zimbra zimbra 4965 Aug 4 10:46 /opt/zimbra/mailboxd/etc/keystore
% ls -l /opt/zimbra/ssl/zimbra/jetty.pkcs12
-rw-r----- 1 zimbra zimbra 6952 Aug 4 10:46 /opt/zimbra/ssl/zimbra/jetty.pkcs12
I see that you responded while I was writing this...The cron time didn't register with me that acme.sh was executing. You are correct. Bad advice on my part. It would restart every hour and then eventually stop after you couldn't issue any more certs. If you want to test sooner, Add an hour and min field.
Jim