@voice1
Created March 6, 2019 21:21
Automated script for applying Let's Encrypt certificates to Kerio Connect
#!/bin/bash
# This script is intended to automate the addition of Let's Encrypt certificates for the Kerio Connect mail server.
# It uses the powerful acme.sh script to generate the SSL certificate and apply it to the Kerio Connect installation.
# Currently this works with Debian, because that's what I use; the process is similar on other Linux OSes.
# This script is provided as-is, but if you have improvements I am happy to incorporate them.
MAIL_DOMAIN_NAME=mail.example.com
ACME=/root/.acme.sh/acme.sh
KERIO_CONNECT_SSL=/opt/kerio/mailserver/sslcert
# Make sure acme.sh exists.
if [ ! -f "$ACME" ]; then
    echo "acme.sh is not installed. Please go to https://github.com/Neilpang/acme.sh to install it"
    exit 1
fi
# Generate the SSL Certificate
"$ACME" --issue -d "$MAIL_DOMAIN_NAME" -w /var/www/html
# Install the issued key and full chain into Kerio Connect, then restart the service so it loads them
"$ACME" --install-cert -d "$MAIL_DOMAIN_NAME" \
    --key-file "${KERIO_CONNECT_SSL}/mail.key" \
    --fullchain-file "${KERIO_CONNECT_SSL}/mail.crt" \
    --reload-cmd "systemctl restart kerio-connect.service"
exit 0
# The first time you run this you will need to 'select' the correct SSL certificate from the web UI.
# But subsequent updates will just replace the certificate for you.
# Note: You could use the DNS option to generate SSL certs, this is what I typically do, because it avoids having to run
# the webserver and exposing the webroot. But if you have a default install of say nginx, this works.
# You should also note that if you want to change the location of the KERIO_CONNECT_SSL directory, you can just create
# a symlink in the Kerio location pointing to the location where you securely store your SSL certificates.
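
A post-renewal check for the files the script installs, added here as an example and not part of the original gist: it confirms that mail.key is readable by its owner only, that mail.key and mail.crt belong together, and that the certificate is not about to expire. The function name, the return codes and the 30-day default are assumptions of this example; it relies on GNU `stat` (as on Debian) and the `openssl` command-line tool.

```shell
#!/bin/bash
# Added example (not from the original gist): verify what acme.sh installed
# into the Kerio Connect sslcert directory.
#
# check_kerio_cert DIR [MIN_DAYS]
# Returns 0 = ok, 1 = file missing, 2 = key accessible to group/others,
#         3 = key does not match certificate, 4 = expires within MIN_DAYS.
check_kerio_cert() {
    local dir="$1" min_days="${2:-30}"
    local key="$dir/mail.key" crt="$dir/mail.crt"
    local mode cert_pub key_pub

    [ -f "$key" ] && [ -f "$crt" ] || { echo "missing $key or $crt" >&2; return 1; }

    # The private key should carry no group or other permission bits.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        *00) ;;
        *) echo "$key has mode $mode, expected 600 or stricter" >&2; return 2 ;;
    esac

    # Compare the public key in the leaf certificate (the first one in the
    # fullchain file) with the one derived from the private key (RSA or EC).
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not match $crt" >&2
        return 3
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "$crt expires in less than $min_days days" >&2
        return 4
    fi
    return 0
}

# Usage on the mail server: check_kerio_cert /opt/kerio/mailserver/sslcert 30
```

Run from cron, a non-zero return is a signal that renewal or installation has silently stopped working before clients start seeing an expired certificate.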