Created
March 6, 2019 21:21
-
-
Save voice1/848a3225ad554d77dbafa2217269bfd0 to your computer and use it in GitHub Desktop.
Automated script for applying Let Encrypt certificates to Kerio Connect
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# This script is intended to automate the addition of let-encrypt certificates for Kerio Connect mail server | |
# It uses the powerful acme.sh script to generate the SSL Certificate, and apply it to the Kerio Connect installation | |
# Currently this works with Debian, because thats what I use, the process is simiular on other Linux OS's | |
# This script is provided as-is, but if you have improvements I am happy to incorporate them. | |
MAIL_DOMAIN_NAME=mail.example.com | |
ACME=/root/.acme.sh/acme.sh | |
KERIO_CONNECT_SSL=/opt/kerio/mailserver/sslcert | |
# Make sure acme.sh exists. | |
if [ ! -f $ACME ]; then | |
echo "acme.sh is not installed. Please go to https://github.com/Neilpang/acme.sh to install it" | |
exit 1 | |
fi | |
# Generate the SSL Certificate | |
acme.sh --issue -d $MAIL_DOMAIN_NAME -w /var/www/html | |
acme.sh --issue-cert -d $MAIL_DOMAIN_NAME \ | |
--key-file ${KERIO_CONNECT_SSL}/mail.key \ | |
--fullchain-file ${KERIO_CONNECT_SSL}/mail.crt \ | |
--reload-cmd "systemctl restart kerio-connect.service" | |
exit 0 | |
# The first time you run this you will need to 'select' the correct SSL certificate from the web UI. | |
# But subsaquent updates will just replace the certificate for you. | |
# Note: You could use the DNS option to generate SSL certs, this is what I typically do, because it avoids having to run | |
# the webserver and exposing the webroot. But if you have a default install of say nginx, this works. | |
# You should also note that if you wanted to change the location of the KERIO_CONNECT_SSL directory, you can just create | |
# a symlink in the kerio location pointing to your location you securely store your SSL certificates. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment