Notifications
Clear all

Carbonio letsencrypt deployment script for acme.sh


JDunphy
(@jdunphy)
Joined: 4 years ago
Posts: 7
Topic starter  

There are many acme clients to issue and install letsencrypt certificates. If you use acme.sh (bash script), Here's a deploy script which might be of use to others.

I have been using this for automatic LE certificate renewals with carbonio. It will use and requires the LE alternative chain.  If you install acme.sh as the zextras user, you will then get automatic cert renewals every 60 days. Provided you know how to use and install acme.sh, add the following script to its deploy directory.  

https://github.com/JimDunphy/acme.sh/blob/master/deploy/carbonio.sh

Once you have a certificate issued for the LE alternative chain, installing that freshly issued LE certificate is:

# su - zextras

% cd .acme.sh; ./acme.sh --deploy --deploy-hook carbonio -d mail.example.com

If you are using something like dns validation for LE certificate issue than subsequent renewals are handled automatically by a zextra's cron entry which was added when you installed acme.sh as the zextras user.

if acme.sh is new to you, follow the wiki link in the above carbonio.sh deploy script... it will walk you through installing acme.sh and a few commands you must initially execute to always pull the LE alternative chain. Look at only the acme.sh commands. Substitute zextra's for zimbra where it makes sense given we don't have a place for community wiki's articles to make a carbonio specific version.

Note: acme.sh supports more than LE certificates so it's important to specify that you want to default to LE certs. That wiki article shows the 2 commands to do this after the initial acme.sh install.


Quote
phoenix
(@phoenix)
Joined: 8 years ago
Posts: 53
 

Hi Jim

As usual a nice, easy method of installing certificates. I haven't got my setup of Carbonio yet but I'm looking forward testing it a bit later in the year. Many thanks for your work with this, it helps me a lot! 🙂


ReplyQuote