Zimbra and Letsencrypt: updated the certbot-zimbra script to v0.2

Yesterday I released a new version (thus introducing the concept of versions) of the certbot-zimbra script.

One of the most notable changes is the removal of the patches/ subdirectory, which I personally hated. Now patches are embedded inside the script. Less crap around to manage!

Also the patching method was changed: instead of having a single patch file (or variable, with the new method) for every Zimbra version, now I do version comparison. So now there's an if (version < 8.6) apply patch 1, otherwise if lower than X.Y apply patch 2 and so on. Simpler and less problematic for users.

Another big fix is about nginx patching. In the first version I used to patch production configuration files, that is, files currently being used by the running daemon, and then reload the config at runtime by issuing nginx -s reload. This was working fine, but at every Zimbra restart zmconfigd rewrites all these files, requiring a patch every time. Theoretically the script was patching nginx at every attempted renew for the earliest version, when using --post-hook. Lately I updated the documentation with --renew-hook, which would mean no more patch and no more domain validation.
The updated version patches all nginx proxy modes (http, https and both), and does patch the template files used by zmconfigd to compile the production ones. This means the patches will survive restart (but not yet upgrades!).
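
The version-comparison selection described above can be sketched as follows. This is an added example, not code from certbot-zimbra: the function names and patch labels are hypothetical, the sample version strings are constructed, and 9.0 is a made-up stand-in for the post's "X.Y". Fields are compared as integers because a plain string comparison would rank 8.10 below 8.6 and pick the wrong patch.

```sh
# Added illustration, not code from certbot-zimbra.
# Ordered "upper bound:patch label" pairs. 8.6 is the bound named in the post;
# 9.0 is a made-up stand-in for its "X.Y", and the labels are hypothetical.
PATCH_TABLE="8.6:patch_1 9.0:patch_2"

# version_lt A B: succeed when dotted version A is strictly lower than B.
version_lt() {
    a=${1%%[!0-9.]*}   # keep the leading dotted-number part: 8.8.15_GA_1 -> 8.8.15
    b=${2%%[!0-9.]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        # Drop the field just read; empty the string when no dot remains.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        # Missing fields count as 0, so 8.6 and 8.6.0 compare equal.
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# select_patch VERSION: print the label of the first table entry whose
# upper bound is above VERSION; refuse input that is not a version at all.
select_patch() {
    case $1 in
        [0-9]*) ;;
        *) echo "unparseable version: $1" >&2; return 2 ;;
    esac
    for entry in $PATCH_TABLE; do
        if version_lt "$1" "${entry%%:*}"; then
            echo "${entry#*:}"
            return 0
        fi
    done
    echo "patch_latest"   # at or above every bound in the table
}
```

Refusing an unparseable version keeps the script from applying a patch to files it was never written for.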

I hope this improves the overall usage and deployment of the script. Testing and feedback are welcome on GitHub.

There are still some issues remaining open for development:

  1. better handle patching, because Zimbra updates will remove them #23
  2. I noted from a forked repository commit that patches seem to break Ca{l|rd}DAV autodiscovery #22
  3. support multiple domain names (SNI) #8

 


Written by: maxxer
