This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Contributions / Tips&Tricks / Features Requests / How to LetsEncrypt for fun and profit
« on: September 14, 2018, 08:09:41 am »
UPDATE 2018-11-12 - remove requirement to restart Apache - doesn't work in that form and isn't needed anyway
Hi there
Not sure if there's a post about this already, but I've come up with a method to automate the creation and installation of Let's Encrypt certificates which I would like to share with you.
Step 1: Install the letsencrypt package, and its prerequisities:
Step 2: Find where the certificates currently live:
Step 3: Assuming the default location, create the script:
Step 3: Open root's crontab - if this is your first time it will ask you for a choice of editor. Nano is the simplest.
Step 4: Add the following line to the open editor - replace admin with your admin username - this will set it to run on the 12th of each month at midnight (change the 12 to any number between 1 and 28 to change the day it runs - don't choose 29 to 31 since they don't always occur):
Step 5: Ensure port 80 on your Zentyal server can be reached from the outside (I'll leave that as an exercise for the reader) and run the script manually:
And, so long as you got a successful outcome of the letsencrypt program, you should be set.
Hi there
Not sure if there's a post about this already, but I've come up with a method to automate the creation and installation of Let's Encrypt certificates which I would like to share with you.
Step 1: Install the letsencrypt package, and its prerequisities:
Code: [Select]
admin@zentyla:~$ sudo apt-get install letsencrypt
Step 2: Find where the certificates currently live:
Code: [Select]
admin@zentyla:~$ grep "^\s*SSLCertificate" /etc/apache2/sites-enabled/default-ssl.conf
Step 3: Assuming the default location, create the script:
Code: [Select]
admin@zentyla:~$ cat > update_certs.sh <<EOF
#!/bin/sh
LIVECERT=/etc/letsencrypt/live/first.domain.com/fullchain.pem
SSLCERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
LIVEKEY=/etc/letsencrypt/live/first.domain.com/privkey.pem
SSLKEY=/etc/ssl/private/ssl-cert-snakeoil.key
letsencrypt certonly --webroot -w /var/www/html/ -d first.domain.com -d second.domain.com -d third.domain.com --keep
if [ $LIVECERT -nt $SSLCERT ]
then
cp $LIVECERT $SSLCERT
cp $LIVEKEY $SSLKEY
# This is both unnecessary and doesn't work anyway
#service apache2 restart
fi
EOF
admin@zentyla:~$ chmod +x update_certs.sh
Step 3: Open root's crontab - if this is your first time it will ask you for a choice of editor. Nano is the simplest.
Code: [Select]
admin@zentyla:~$ sudo crontab -e
Step 4: Add the following line to the open editor - replace admin with your admin username - this will set it to run on the 12th of each month at midnight (change the 12 to any number between 1 and 28 to change the day it runs - don't choose 29 to 31 since they don't always occur):
Code: [Select]
0 0 12 * * /home/admin/update_certs.sh
Step 5: Ensure port 80 on your Zentyal server can be reached from the outside (I'll leave that as an exercise for the reader) and run the script manually:
Code: [Select]
admin@zentyla:~$ sudo ./update_certs.sh
And, so long as you got a successful outcome of the letsencrypt program, you should be set.
2
Contributions / Tips&Tricks / Features Requests / OpenChange replacement?
« on: October 26, 2017, 02:18:35 am »
All
Since OpenChange has been removed from Zentyal, and its website apparently gone (though the git repo still exists) are there any plans to offer a replacement? One of the drawcards for Zentyal was a drop-in replacement for Windows SBS, along with full auto configuration for Outlook and ActiveSync. As such I was rather dismayed (to put it lightly) when I tried to connect Outlook to my newly set up and updated 5.0 installation and it didn't work. While searching for the reason why, I learned that OpenChange had been removed in version 5.0, with no explanation or plan for replacement.
ActiveSync and Autodiscover were my whole reason to try Zentyal, so you can imagine my disappointment. Aside from this letdown, my experience has been positive. There's a few idiosyncrasies in the DNS management I'd like to correct, and once I get a development environment set up I look forward to digging in and doing my bit for the cause.
As for OpenChange's removal, are there any plans to replace it, or is anyone in the community working on such a project?
Thanks
Since OpenChange has been removed from Zentyal, and its website apparently gone (though the git repo still exists) are there any plans to offer a replacement? One of the drawcards for Zentyal was a drop-in replacement for Windows SBS, along with full auto configuration for Outlook and ActiveSync. As such I was rather dismayed (to put it lightly) when I tried to connect Outlook to my newly set up and updated 5.0 installation and it didn't work. While searching for the reason why, I learned that OpenChange had been removed in version 5.0, with no explanation or plan for replacement.
ActiveSync and Autodiscover were my whole reason to try Zentyal, so you can imagine my disappointment. Aside from this letdown, my experience has been positive. There's a few idiosyncrasies in the DNS management I'd like to correct, and once I get a development environment set up I look forward to digging in and doing my bit for the cause.
As for OpenChange's removal, are there any plans to replace it, or is anyone in the community working on such a project?
Thanks
Pages: [1]