generated from pavel.muhortov/template-bash
3.9 KiB
3.9 KiB
zimbra-management
Zimbra management and monitoring utils.
zimbra-man.sh
Description:
Print length of all zimbra queues or letsencrypt update certificate procedure.
Dependencies:
- privileged rights
- zimbra zmcontrol, zmqstat, zmcertmgr (tested version 8.8.15 on CentOS 7)
- cerbot (tested version 2.5.0 on CentOS 7)
- cert-info.sh
- Python 3 (tested version 3.9.5 on CentOS 7)
- sendmail.py
| POSITION | PARAMETERS | DESCRIPTION | DEFAULT |
|---|---|---|---|
| 1 | [qn] | execution without pauses | |
| 2 | que | print length of all zimbra queues | None |
| 2 | svc | print number of stopped services | None |
| 2 | ssl | letsencrypt certificate update procedure | None |
| 3 | [/path/to/conf] | custom configuration file path | ./zimbra-man.conf |
Renew certificate by crontab
The first issue of the certificate must be done manually, because you need to answer letsencrypt questions.
# define first certificate
certfirst=mail.domain.zone
# stop zimbra
sudo su - zimbra -c "/opt/zimbra/bin/zmcontrol stop"
# add additional hostnames, issue certificate and download chain
sudo certbot certonly --standalone --email mail@domain.zone --preferred-chain "ISRG Root X1" --key-type rsa --rsa-key-size 2048 -d "${certfirst}" -d smtp.domain.zone -d pop3.domain.zone -d imap.domain.zone
sudo sh -c "wget -O - https://letsencrypt.org/certs/isrgrootx1.pem.txt --no-check-certificate >> /etc/letsencrypt/live/${certfirst}/chain.pem"
# start zimbra
sudo su - zimbra -c "/opt/zimbra/bin/zmcontrol start"
# copy certificate, define files permission
sudo cp "/etc/letsencrypt/live/${certfirst}/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo cp "/etc/letsencrypt/live/${certfirst}/chain.pem" /opt/zimbra/ssl/zimbra/commercial/chain.pem
sudo cp "/etc/letsencrypt/live/${certfirst}/cert.pem" /opt/zimbra/ssl/zimbra/commercial/cert.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/
# deploy certificate
sudo su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem"
sudo su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem"
# restart zimbra
sudo su - zimbra -c "/opt/zimbra/bin/zmcontrol restart"
When the certificate issued, renew certificate is possible by crontab.
# download
sudo wget https://git.hmp.today/pavel.muhortov/zimbra-management/raw/branch/master/zimbra-man.sh -O /usr/local/bin/zimbra-man.sh
sudo chmod +x /usr/local/bin/zimbra-man.sh
# edit config
sudo tee /usr/local/bin/zimbra-man.conf > /dev/null <<'EOF'
logs=/var/log/zimbra-man.log
python3=/usr/local/opt/python-3.9/bin/python3.9
sendemail=/usr/local/bin/sendmail.py
confemail=/usr/local/bin/sendmail.config
certcheck=/usr/local/bin/cert-info.sh
certfirst=mail.domain.zone
certalias=smtp.domain.zone pop3.domain.zone imap.domain.zone
certemail=mail@domain.zone
EOF
# sudo sh -c "EDITOR=nano crontab -e"
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 0 * * 1 bash /usr/local/bin/zimbra-man.sh qn ssl >> /dev/null 2>&1
# check journal
tail -f -n 50 /var/log/zimbra-man.log
Print length of all zimbra queues
sudo /usr/local/bin/zimbra-man.sh - que