Comments (9)
I noticed something strange on my installation... I'll have a look, but cannot promise an ETA, quite busy lately :(
from certbot-zimbra.
I just updated a 8.6RHEL7 and cert has been deployed fine. In the next days I'll have a chance to update an UBUNTU12 one, I'll let you know
from certbot-zimbra.
FWIW my Zimbra box runs on 14.04 but shouldn't make much difference probably.
from certbot-zimbra.
What does
openssl x509 -noout -dates -in /opt/zimbra/ssl/zimbra/commercial/commercial.crt
says?
from certbot-zimbra.
openssl x509 -noout -dates -in /opt/zimbra/ssl/zimbra/commercial/commercial.crt
notBefore=May 11 11:15:00 2017 GMT
notAfter=Aug 9 11:15:00 2017 GMT
from certbot-zimbra.
Are you sure the letsencrypt cert has been renewed? And that the certs in /opt/zimbra/ssl/letsencrypt/
are the renewed ones? Check with the same command
from certbot-zimbra.
The problem appears to be due to the fact that the script is getting the information from /etc/letsencrypt/live/zimbra.example.com
while Certbot has created the new stuff into /etc/letsencrypt/live/zimbra.example.com-0001
.
This may be due to the fact that the initial request was done with a SAN (Subject Alternative Name aka multi-domain certificate) but the new request dropped this to one hostname (which was intended).
Once i moved the zimbra.example.com
to zimbra.example.com_old
and zimbra.example.com-0001
to zimbra.example.com
and now the commercial.crt has been replaced properly and is working fine now.
So the issue appears to be here that the script cannot deal with the fact that a certificate request can change and result in a new folder.
from certbot-zimbra.
I should take advantage of shell vars passed to the renew hook:
--renew-hook RENEW_HOOK
Command to be run in a shell once for each
successfully renewed certificate. For this command,
the shell variable $RENEWED_LINEAGE will point to the
config live subdirectory (for example,
"/etc/letsencrypt/live/example.com") containing the
new certificates and keys; the shell variable
$RENEWED_DOMAINS will contain a space-delimited list
of renewed certificate domains (for example,
"example.com www.example.com" (default: None)
from certbot-zimbra.
I've pushed a test fix, if you have any chance to test it.
from certbot-zimbra.
Related Issues (20)
- Can not renew SSL certificate after Letsencrypt's "DST Root CA X3" expired in September 2021 HOT 1
- CN = DST Root CA X3 error 10 at 3 depth lookup:certificate has expired HOT 1
- cat: /etc/ssl/certs/2e5ac55d.0: No such file or directory Error! HOT 3
- TypeError: __str__ returned non-string (type Error) HOT 2
- Using --deploy-hook to avoid "cat: /etc/ssl/certs/2e5ac55d.0" error (closed as #140) HOT 9
- ERROR: Unable to validate certificate chain: /run/certbot-zimbra/certs-k1IwpQa5/cert.pem: O = Digital Signature Trust Co., CN = DST Root CA X3 error 10 at 3 depth lookup:certificate has expired OK HOT 3
- ERROR: Unable to validate certificate chain C = US, O = Internet Security Research Group, CN = ISRG Root X1 HOT 1
- Disable snapd systemd timers
- Verifying cert.pem zimbra_chain.pem error HOT 2
- Issue with renew HOT 5
- Deploy: keytool error: java.io.FileNotFoundException file not found error HOT 2
- find_additional_public_hostnames() enhancement for virtual hosts
- issue with EVP_PKEY_get1_RSA:expecting an rsa key:p_lib.c:287 HOT 5
- certbot-zimbra is failling to update certificates HOT 1
- No release version 0.7.13 HOT 6
- zmcertmgr ERROR chdir(/root) failed: Permission denied HOT 2
- ./install: line 102: declare: -n: invalid option HOT 1
- zmcertmgr error HOT 1
- Checking for dependencies... /bin/bash: /root/bin/zmcontrol: HOT 7
- Script hung on 1st install on NGIX patch HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certbot-zimbra.