Page 1 of 1

certbot-zimbra v0.2

Posted: Sun Sep 10, 2017 8:30 am
by maxxer
Hi
An update for the users of this script: I've partially rewritten it so that now it patches nginx's template file instead of production ones. It should now better behave in different conditions.
I've also embedded the patches inside the script, so there's less crap around to handle.

If you're using it testing is welcome.

Thanks
https://github.com/YetOpen/certbot-zimbra

Re: certbot-zimbra v0.2

Posted: Sun Sep 10, 2017 10:14 am
by jorgedlcruz
I've sticky-ed it for couple of weeks.

Re: certbot-zimbra v0.2

Posted: Fri Feb 01, 2019 5:59 pm
by liverpoolfcfan
Hi Maxxer,

I have used the beta4 version of the script, and it works great to get and deploy a new certificate. All I needed to do was temporarily open port 80 on the firewall.

However, if I run the command

Code: Select all

/path-to/certbot-zimbra-0.4.0-beta/certbot_zimbra.sh -n

a second time, I get a menu - presumably from Let's Encrypt certbot that states

Code: Select all

Cert not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: /etc/letsencrypt/renewal/my.domain.conf)

What would you like to do?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Keep the existing certificate for now
2: Renew & replace the cert (limit ~5 per 7 days)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):


If I answer 1 to keep the existing certificate the script goes ahead and redeploys the certificate again - restarting zimbra in the process.

Questions
(a) is there a flag I can pass to the script so that it will not prompt with that menu (and will assume answer 1)?
(b) if there a flag I can pass to the script that will tell it to skip redeploying the script if it wasn't renewed?

Thanks

Re: certbot-zimbra v0.2

Posted: Fri Feb 01, 2019 6:14 pm
by maxxer
Why are you running -n again? That should be executed just the first time for the request.

When the certificate has been renewed you should call the script with -r, which deploys the renewed cert. See the cron configuration in the readme.

Re: certbot-zimbra v0.2

Posted: Wed Aug 21, 2019 10:43 am
by liverpoolfcfan
Works great. Have auto-renewed twice now. Thank you.

Re: certbot-zimbra v0.2

Posted: Mon Sep 09, 2019 7:54 pm
by onzyg
Thanks was able to install it and I followed the section "Renewal using crontab" to auto renew.