Comments (7)
Hi,
The instructions in certbot_zimbra.sh at lines 162, 739 etc... are pointing to "$HOME"/bin/zmcontrol but Zimbra is installed in /opt/zimbra, so when I run it it stops with this message:
Checking for dependencies...
/bin/bash: /root/bin/zmcontrol: Permission denied
Error: Unable to detect Zimbra version.
In fact all "$HOME"/bin.... are not pointing to Zimbra folder and "HOME" is not defined at the beginning as it should be "$zmpath" which points to "/opt/zimbra"
So it all redirects to the root folder.
Please advise, thank you.
from certbot-zimbra.
Yes, that's definitely a problem that I missed when not testing the previous "fix". Looks like capsh does not set HOME to the user's home. Reverting to sudo will be necessary. I'm working on it.
from certbot-zimbra.
Can you please test https://raw.githubusercontent.com/YetOpen/certbot-zimbra/master/certbot_zimbra.sh
from certbot-zimbra.
Hi Jernej,
Sorry, still not working: bash: /usr/local/bin/certbot_zimbra.sh: Permission denied
I have replaced all $HOME with /opt/zimbra/bash in the previous file yesterday and it worked but I got the limit as too many certificates (5) already issued because of all the errors I got, so I have to wait to retry.
I also still see $HOME/bin in many lines in your updated file, not sure how this will work, maybe I am missing something.
Thank you.
from certbot-zimbra.
bash: /usr/local/bin/certbot_zimbra.sh: Permission denied
That means the permissions on the script file itself are not correct. After installing it you need to chmod +x
and chown root:
, then run it as root (with sudo).
I have replaced all $HOME with /opt/zimbra/bash
That was supposed to expand to /opt/zimbra
which is the zimbra user's home, as set in /etc/passwd and can be seen with echo ~zimbra
.
I also still see $HOME/bin in many lines in your updated file, not sure how this will work, maybe I am missing something.
It expands to /opt/zimbra/bin
. The expansion is done after changing the user, so HOME is supposed to be set to zimbra's home. I did not test the previous "fix" which actually broke everything because I did not know that capsh did not set HOME but kept it at /root
which is why it was failing.
from certbot-zimbra.
You're right it worked after I did chmod +x but I was already running as root.
It looks good so far, I will need to wait for the time it will reset the certificates to 0, thank you for your efforts.
from certbot-zimbra.
I also encountered a different bug caused by using capsh. When the script was ran from certbot as a pre-hook, it would error: Error: "capsh" not found or executable
. I think this is caused by PATH not containing /sbin or /bin, possibly because cron does not put them in PATH for commands ran from root's crontab. It would be possible to fix it but since the fix for this issue already switched back to using sudo, it's not needed any more.
I tested the latest script from cron (a root crontab that ran /usr/local/certbot_zimbra.sh -p
and -d
directly) and it all worked. I don't want to test it from certbot as that would require force renewing the certificate, but it should work as I'm pretty sure certbot preserves PATH.
from certbot-zimbra.
Related Issues (20)
- CN = DST Root CA X3 error 10 at 3 depth lookup:certificate has expired HOT 1
- cat: /etc/ssl/certs/2e5ac55d.0: No such file or directory Error! HOT 3
- TypeError: __str__ returned non-string (type Error) HOT 2
- Using --deploy-hook to avoid "cat: /etc/ssl/certs/2e5ac55d.0" error (closed as #140) HOT 9
- ERROR: Unable to validate certificate chain: /run/certbot-zimbra/certs-k1IwpQa5/cert.pem: O = Digital Signature Trust Co., CN = DST Root CA X3 error 10 at 3 depth lookup:certificate has expired OK HOT 3
- ERROR: Unable to validate certificate chain C = US, O = Internet Security Research Group, CN = ISRG Root X1 HOT 1
- Disable snapd systemd timers
- Verifying cert.pem zimbra_chain.pem error HOT 2
- Issue with renew HOT 5
- Deploy: keytool error: java.io.FileNotFoundException file not found error HOT 2
- find_additional_public_hostnames() enhancement for virtual hosts
- issue with EVP_PKEY_get1_RSA:expecting an rsa key:p_lib.c:287 HOT 5
- certbot-zimbra is failling to update certificates HOT 1
- No release version 0.7.13 HOT 6
- zmcertmgr ERROR chdir(/root) failed: Permission denied HOT 2
- ./install: line 102: declare: -n: invalid option HOT 1
- zmcertmgr error HOT 1
- Script hung on 1st install on NGIX patch HOT 2
- getting error 20 at 0 depth lookup: unable to get local issuer certificate
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certbot-zimbra.