Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mnalis/acmetool-zimbra

Let's Encrypt certificates for Zimbra using acmetool
https://github.com/mnalis/acmetool-zimbra

acme letsencrypt zimbra

Last synced: about 16 hours ago
JSON representation

Let's Encrypt certificates for Zimbra using acmetool

Host: GitHub
URL: https://github.com/mnalis/acmetool-zimbra
Owner: mnalis
License: gpl-3.0
Created: 2017-03-14T23:31:59.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2024-03-14T04:08:07.000Z (8 months ago)
Last Synced: 2024-03-14T05:24:51.731Z (8 months ago)
Topics: acme, letsencrypt, zimbra
Language: Makefile
Homepage:
Size: 27.3 KB
Stars: 1
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # acmetool-zimbra

Let's Encrypt certificates for Zimbra using acmetool in user (non-root) mode

* assumes zimbra 8.7.x/8.8.x (tested on 8.8.15 on Ubuntu)

* requirement - zimbra setup not to listen on port 80 (so apache can listen there)

~~~

/opt/zimbra/bin/zmprov gs $(/opt/zimbra/bin/zmhostname) zimbraReverseProxyMailMode | grep Mode

~~~

should be **https** and not **redirect**

Zimbra should not use separate IP/port/certificate for each domain (but all of them using same IP/port/certificate)

* requirement - working acmetool as user acme, for example:

~~~

apt-get install acmetool make ca-certificates apache2

adduser --system --group --home /var/lib/acme --disabled-password --disabled-login acme

perl -p -i.bak -e 's{^exit 0}{# for Lets encypt acmetool\ninstall -d -o acme -g acme -m 0755 /var/run/acme\n\nexit 0}' /etc/rc.local

install -d -o acme -g acme -m 0755 /var/run/acme

sudo -u acme acmetool quickstart 

# use webproxy mode with /var/run/acme/acme-challenge as webroot path, and enable cron updates

printf 'Alias "/.well-known/acme-challenge/" "/var/run/acme/acme-challenge/"

\tAllowOverride None

\tOptions None

\tRequire all granted

\n' >> /etc/apache2/conf-available/letsencrypt.conf

a2enconf letsencrypt

service apache2 reload

~~~

* install:

~~~

cd /opt

git clone https://github.com/mnalis/acmetool-zimbra.git zcs-acmetool

~~~

* usage:

~~~

cd /opt/zcs-acmetool && make

~~~

it will auto-detect all the hostnames you use (you can check in *all_domains.txt* file) and request let's encrypt certificates for them

* auto-renew

~~~

cp example.cron /etc/cron.daily/zimbra-acmetool

~~~