|
|
| Line 7: |
Line 7: |
|
| |
|
| 証明書が更新されたあとに自動 restart はこんな感じでいけるかしら | | 証明書が更新されたあとに自動 restart はこんな感じでいけるかしら |
| <syntaxhighlight lang="bash" enclose="div">
| | "--deploy-hook" 使うようにしよう |
| #!/bin/bash
| |
| /usr/local/sbin/certbot certonly -d $(hostname --fqdn) --standalone --manual-public-ip-logging-ok -n --preferred-chain "ISRG Root X1" --agree-tos --register-unsafely-without-email --key-type rsa
| |
| if [ $? -ne 0 ] ; then
| |
| cp "/etc/letsencrypt/live/$(hostname --fqdn)/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key
| |
| chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
| |
| wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
| |
| rm -f "/etc/letsencrypt/live/$(hostname --fqdn)/chainZimbra.pem"
| |
| cp "/etc/letsencrypt/live/$(hostname --fqdn)/chain.pem" "/etc/letsencrypt/live/$(hostname --fqdn)/chainZimbra.pem"
| |
| cat /tmp/ISRG-X1.pem >> "/etc/letsencrypt/live/$(hostname --fqdn)/chainZimbra.pem"
| |
| chown zimbra:zimbra /etc/letsencrypt -R
| |
| cd /tmp
| |
| su zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm "/etc/letsencrypt/live/$(hostname --fqdn)/cert.pem" "/etc/letsencrypt/live/$(hostname --fqdn)/chainZimbra.pem"'
| |
| rm -f "/etc/letsencrypt/live/$(hostname --fqdn)/chainZimbra.pem"
| |
| su -zimbra -c "zmcontrol restart"
| |
| fi
| |
| </syntaxhighlight>
| |
|
| |
|
| *オレオレ証明書の更新 | | *オレオレ証明書の更新 |