-
Notifications
You must be signed in to change notification settings - Fork 78
/
certbot_zimbra.sh.1
90 lines (90 loc) · 4.36 KB
/
certbot_zimbra.sh.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3.
.TH CERTBOT_ZIMBRA.SH "1" "June 2023" "certbot_zimbra.sh 1.0.2" "User Commands"
.SH NAME
certbot_zimbra.sh \- manual page for certbot_zimbra.sh 1.0.2
.SH SYNOPSIS
.B certbot_zimbra.sh
[ \fI\,-d | -n | -p \/\fR] [\fI\,options\/\fR]...
.SH DESCRIPTION
.IP
This script automates installing, renewing and deploying ACME certificates to Zimbra. It's a wrapper around Certbot and Zimbra tools.
.SH OPTIONS
.IP
Only one option at a time can be supplied. Options cannot be chained.
.SS "Mode selection:"
.TP
\fB\-p\fR | \fB\-\-patch\-only\fR:
does only nginx patching. Useful to be called before renew, in case nginx templates have been overwritten by an upgrade.
.TP
\fB\-n\fR | \fB\-\-new\fR:
performs a request for a new certificate ("certonly"). Can be used to update the domains in an existing certificate.
.TP
\fB\-d\fR | \fB\-\-deploy\-only\fR:
Just deploys certificates. Will detect if it's being run from Certbot renew_hook or \fB\-\-deploy\-hook\fR and only deploy if env variable RENEWED_DOMAINS matches the hostname. If run standalone, assumes valid certificates are in \fI\,/etc/letsencrypt/live\/\fP.
.SS "Global options:"
.TP
\fB\-c\fR | \fB\-\-prompt\-confirm\fR:
ask for confirmation.
.TP
\fB\-q\fR | \fB\-\-quiet\fR:
Do not output anything except errors. Useful for scripts. Implies \fB\-N\fR/\-\-noninteractive.
.TP
\fB\-H\fR | \fB\-\-hostname\fR <my.host.name>:
hostname being requested. If not passed it's automatically detected using "zmhostname". Used as Zimbra server name in zmprov, CN and name for certificate.
.SS "Port check (--patch-only and --new):"
.TP
\fB\-j\fR | \fB\-\-no\-port\-check\fR:
disable port check.
.TP
\fB\-P\fR | \fB\-\-port\fR <port>:
port the web server to use for the ACME HTTP\-01 challenge is listening on. Is detected from zimbraMailProxyPort if not set. Mandatory with \fB\-x\fR/\-\-no\-nginx unless \fB\-j\fR/\-\-no\-port\-check is set.
.SS "Nginx options (--patch-only and --new):"
.TP
\fB\-w\fR | \fB\-\-webroot\fR "/path/to/www":
path to the webroot of alternate webserver. Valid only with \fB\-x\fR/\-\-no\-nginx.
.TP
\fB\-x\fR | \fB\-\-no\-nginx\fR:
Alternate webserver mode. Don't check and patch zimbra\-proxy's nginx. Must also specify \fB\-P\fR/\-\-port and \fB\-w\fR/\-\-webroot.
.SS "Options for -n|--new:"
.TP
\fB\-a\fR | \fB\-\-agree\-tos\fR:
agree with the Terms of Service of the ACME server (avoids prompt)
.TP
\fB\-L\fR | \fB\-\-letsencrypt\-params\fR "\-\-extra\-le\-parameter":
Additional parameter to pass to Certbot. Must be repeated for each parameter and argument, e.g. \fB\-L\fR "\-\-preferred\-chain" \fB\-L\fR "ISRG Root X1"
.TP
\fB\-N\fR | \fB\-\-noninteractive\fR:
Pass \fB\-\-non\-interactive\fR to Certbot.
.TP
\fB\-\-no\-override\-key\-type\-rsa\fR:
if Certbot >=v2.0.0 has been detected, do not override ECDSA to RSA with "\-\-key\-type rsa" (use this to get the default ECDSA key type, Zimbra does NOT support it!)
.TP
\fB\-e\fR | \fB\-\-extra\-domain\fR <extra.domain.tld>:
additional domain names being requested. Can be used multiple times. Implies \fB\-u\fR/\-\-no\-public\-hostname\-detection.
.TP
\fB\-u\fR | \fB\-\-no\-public\-hostname\-detection\fR:
do not detect additional hostnames from domain zimbraPublicServiceHostname and zimbraVirtualHostname.
.SS "Deploy options:"
.TP
\fB\-s\fR | \fB\-\-services\fR <service_names>:
comma\-separated list of services to be used for a certificate. Passed to 'zmcertmgr'. Valid services are 'all' or any of: ldap,mailboxd,mta,proxy,imapd. Default: 'all'
.TP
\fB\-z\fR | \fB\-\-no\-zimbra\-restart\fR:
do not restart Zimbra after a certificate deployment
.SH "REPORTING BUGS"
Report bugs at: https://github.com/YetOpen/certbot\-zimbra
.SH COPYRIGHT
Copyright \(co 2023 Lorenzo Milesi <[email protected]>, Jernej Jakob <[email protected]>
.PP
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
.PP
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.PP
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.