Automated letsencrypt/certbot certificate deploy script for Zimbra hosts.
The script tweaks zimbra’s nginx config to allow access of .well-known webserver location from local files instead of redirecting upstream to jsp. So it may not be used if there’s no zimbra-nginx package installed.
Letsencrypt by default tries to verify a domain using https, so the script should work fine if zimbraReverseProxyMailModes is set to both or https. May not work for http only.
This is still a BETA script. Tested on:
- 8.8.8_UBUNTU16
- 8.7.11_RHEL7
- 8.6_RHEL7
- 8.6_UBUNTU12
Requirements
- zimbra-proxy package is required (for !https mode)
- of course either
certbot
orletsencrypt
binary is required
Certbot installation
The preferred way is to install it is by using the wizard at certbot’s home. Choose None of the above as software and your operating system. This will allow you to install easily upgradable system packages.
By installing Certbot via packages it automatically creates a cron schedule to renew certificates. We must disable this schedulebecause after the renew we must deploy it in Zimbra. So open /etc/cron.d/certbot
with your favourite editor and comment the last line.
For more check the project page on github
https://github.com/YetOpen/certbot-zimbra
Bir yanıt yazın