Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - efarayenkay

Pages: [1]
1
UPDATE 2018-11-12 - remove requirement to restart Apache - doesn't work in that form and isn't needed anyway

Hi there

Not sure if there's a post about this already, but I've come up with a method to automate the creation and installation of Let's Encrypt certificates which I would like to share with you.

Step 1: Install the letsencrypt package, and its prerequisities:

Code: [Select]
admin@zentyla:~$ sudo apt-get install letsencrypt
Step 2: Find where the certificates currently live:

Code: [Select]
admin@zentyla:~$ grep "^\s*SSLCertificate" /etc/apache2/sites-enabled/default-ssl.conf
Step 3: Assuming the default location, create the script:

Code: [Select]
admin@zentyla:~$ cat > update_certs.sh <<EOF
#!/bin/sh

LIVECERT=/etc/letsencrypt/live/first.domain.com/fullchain.pem
SSLCERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
LIVEKEY=/etc/letsencrypt/live/first.domain.com/privkey.pem
SSLKEY=/etc/ssl/private/ssl-cert-snakeoil.key

letsencrypt certonly --webroot -w /var/www/html/ -d first.domain.com -d second.domain.com -d third.domain.com  --keep
if [ $LIVECERT -nt $SSLCERT ]
then
        cp $LIVECERT $SSLCERT
        cp $LIVEKEY $SSLKEY
        # This is both unnecessary and doesn't work anyway
        #service apache2 restart
fi

EOF
admin@zentyla:~$ chmod +x update_certs.sh

Step 3: Open root's crontab - if this is your first time it will ask you for a choice of editor.  Nano is the simplest.

Code: [Select]
admin@zentyla:~$ sudo crontab -e
Step 4: Add the following line to the open editor - replace admin with your admin username - this will set it to run on the 12th of each month at midnight (change the 12 to any number between 1 and 28 to change the day it runs - don't choose 29 to 31 since they don't always occur):

Code: [Select]
0 0 12 * * /home/admin/update_certs.sh
Step 5: Ensure port 80 on your Zentyal server can be reached from the outside (I'll leave that as an exercise for the reader) and run the script manually:

Code: [Select]
admin@zentyla:~$ sudo ./update_certs.sh
And, so long as you got a successful outcome of the letsencrypt program, you should be set.

2
Contributions / Tips&Tricks / Features Requests / OpenChange replacement?
« on: October 26, 2017, 02:18:35 am »
All

Since OpenChange has been removed from Zentyal, and its website apparently gone (though the git repo still exists) are there any plans to offer a replacement?  One of the drawcards for Zentyal was a drop-in replacement for Windows SBS, along with full auto configuration for Outlook and ActiveSync.  As such I was rather dismayed (to put it lightly) when I tried to connect Outlook to my newly set up and updated 5.0 installation and it didn't work.  While searching for the reason why, I learned that OpenChange had been removed in version 5.0, with no explanation or plan for replacement.

ActiveSync and Autodiscover were my whole reason to try Zentyal, so you can imagine my disappointment.  Aside from this letdown, my experience has been positive.  There's a few idiosyncrasies in the DNS management I'd like to correct, and once I get a development environment set up I look forward to digging in and doing my bit for the cause.

As for OpenChange's removal, are there any plans to replace it, or is anyone in the community working on such a project?

Thanks

Pages: [1]