# zimbra-management Zimbra management and monitoring utils. * [`zimbra-man.sh`](https://git.hmp.today/pavel.muhortov/zimbra-management#zimbra-man-sh) ____ ## `zimbra-man`.sh **Description:** > Print length of all zimbra queues or letsencrypt update certificate procedure. **Dependencies:** > > * privileged rights > * [zimbra zmcontrol, zmqstat, zmcertmgr](https://www.zimbra.com/) (tested version 8.8.15 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) > * [curl](https://curl.se/download.html) (tested version 7.29 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) > * [openssl](https://www.openssl.org/) (tested version 1.0.2k on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) > * [cerbot](https://certbot.eff.org/) (tested version 2.5.0 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) > * [Python 3](https://www.python.org/downloads/) (tested version 3.9.5 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) > * existing [/usr/local/bin/sendmail.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py) | POSITION | PARAMETERS | DESCRIPTION | DEFAULT | |-----------|--------------|------------------------|---------------| | 1 |**[qn]**|execution without pauses|| | 2 |**que**|print length of all zimbra queues|`None`| | 2 |**svc**|print number of stopped services|`None`| | 2 |**ssl**|letsencrypt certificate update procedure|`None`| | 3 |**[/path/to/conf]**|custom configuration file path|`./zimbra-man.conf`| ### Renew certificate by crontab The first issue of the certificate must be done manually, because you need to answer letsencrypt questions. ```bash # define first certificate certfirst=mail.domain.zone # stop zimbra sudo su - zimbra -c "/opt/zimbra/bin/zmcontrol stop" # add additional hostnames, issue certificate and download chain sudo certbot certonly --standalone --email mail@domain.zone --preferred-chain "ISRG Root X1" -d "${certfirst}" -d smtp.domain.zone -d pop3.domain.zone -d imap.domain.zone sudo sh -c "wget -O - https://letsencrypt.org/certs/isrgrootx1.pem.txt --no-check-certificate >> /etc/letsencrypt/live/${certfirst}/chain.pem" # start zimbra sudo su - zimbra -c "/opt/zimbra/bin/zmcontrol start" # copy certificate, define files permission sudo cp "/etc/letsencrypt/live/${certfirst}/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key sudo cp "/etc/letsencrypt/live/${certfirst}/chain.pem" /opt/zimbra/ssl/zimbra/commercial/chain.pem sudo cp "/etc/letsencrypt/live/${certfirst}/cert.pem" /opt/zimbra/ssl/zimbra/commercial/cert.pem sudo chown -R zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/ # deploy certificate sudo su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem" sudo su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem" # restart zimbra sudo su - zimbra -c "/opt/zimbra/bin/zmcontrol restart" ``` When the certificate is issued, renew certificate is possible by crontab. ```bash # download sudo wget https://git.hmp.today/pavel.muhortov/zimbra-management/raw/branch/master/zimbra-man.sh -O /usr/local/bin/zimbra-man.sh sudo chmod +x /usr/local/bin/zimbra-man.sh ``` ```bash # edit config sudo tee /usr/local/bin/zimbra-man.conf > /dev/null <<'EOF' logs=/var/log/zimbra-man.log python3=/usr/local/opt/python-3.9/bin/python3.9 certfirst=mail.domain.zone certalias=smtp.domain.zone pop3.domain.zone imap.domain.zone certemail=mail@domain.zone EOF ``` ```bash # sudo sh -c "EDITOR=nano crontab -e" PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 0 0 * * 1 bash /usr/local/bin/zimbra-man.sh qn ssl >> /dev/null 2>&1 ``` ```bash # check journal tail -f -n 50 /var/log/zimbra-man.log ``` ### Print length of all zimbra queues ```bash sudo /usr/local/bin/zimbra-man.sh - que ```