forked from penzoiders/zimbra-auto-letsencrypt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
letsencrypt-zimbra.conf.example
executable file
·71 lines (58 loc) · 2.29 KB
/
letsencrypt-zimbra.conf.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/bin/bash
# credit for original script Vojtech Myslivec <[email protected]>
# https://github.com/VojtechMyslivec/letsencrypt-zimbra
# GPLv2 licence
# fork author: Lorenzo Faleschini <[email protected]>
# https://github.com/penzoiders/letsencrypt-zimbra
# --------------------------------------------------------------------
# -- Mandatory Variables ---------------------------------------------
# --------------------------------------------------------------------
# common name in the certificate
PRINCIPAL="your.fqdn.here"
ADDITIONAL="your.other.fqdn.here, even.other.here, some.more.dot.com" # respect commas!
CN=$PRINCIPAL", "$ADDITIONAL
# email for letsencrypt communications
letsencrypt_email="[email protected]"
# zimbra-letsencrypt folder
letsencrypt_zimbra_dir="/root/zimbra-auto-letsencrypt"
# --------------------------------------------------------------------
# -- Variables that usually are ok like this -------------------------
# --------------------------------------------------------------------
# letsencrypt tool
letsencrypt="/usr/bin/certbot"
# letsencrypt live directory
letsencrypt_live_dir="/etc/letsencrypt/live/${PRINCIPAL}"
# generated cert
letsencrypt_issued_cert_file="${letsencrypt_live_dir}/cert.pem"
# generated chain
letsencrypt_issued_chain_file="${letsencrypt_live_dir}/chain.pem"
# generated fullchain
letsencrypt_issued_fullchain_file="${letsencrypt_live_dir}/fullchain.pem"
# generated key
letsencrypt_issued_key_file="${letsencrypt_live_dir}/privkey.pem"
# root CA
root_CA_file="${letsencrypt_zimbra_dir}/DSTRootCAX3.pem"
# zimbra service and binary details
zimbra_service="zimbra"
zimbra_user="zimbra"
zimbra_dir="/opt/zimbra"
zimbra_bin_dir="${zimbra_dir}/bin"
zmcertmgr="${zimbra_bin_dir}/zmcertmgr"
zimbra_ssl_dir="${zimbra_dir}/ssl/zimbra/commercial"
zimbra_key="${zimbra_ssl_dir}/commercial.key"
# subject in request -- does not matter for letsencrypt but must be there for openssl
cert_subject="/"
# openssl config skeleton
# it is important to have an alt_names section there!
openssl_config="
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $CN
"