Script de Renovação de certificados letsencrypt Email ZIMBRA

Renovação de certificados letsencrypt Email ZIMBRA:



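#!/bin/bash
#
# Renews the Let's Encrypt certificate used by a Zimbra mail server.
# This first section defines the paths used by the rest of the script and
# sends all output (stdout and stderr) to the terminal and to a dated log file.

#----------- VARIABLE DECLARATIONS ----------------------------------------------

# Let's Encrypt "live" directory for the domain. grep -F matches the name
# literally; as a regex, each "." would match any character.
CERTS_LETSENCRYPT=$(find /etc/letsencrypt/live/ -type d | grep -F -- 'exemplo.com.br')
ZIMBRA_LETSENCRYPT='/opt/zimbra/ssl/letsencrypt'        # Zimbra's copy of the Let's Encrypt files
ZIMBRA_SSL_COMM='/opt/zimbra/ssl/zimbra/commercial'     # Zimbra commercial SSL files
ZIMBRA_BACKUP='/root/backup/zimbra'                     # root of the backup destination
TIMESTAMP=$(date "+%Y%m%d")                             # date stamp shared by every artifact of this run
BACKUP_FOLDER="$ZIMBRA_BACKUP/zimbra-$TIMESTAMP"

########################### LOG STORAGE #######################################
# Reuse TIMESTAMP so the log name cannot differ from the backup folder name
# when the script starts right before midnight.
LOG="/root/backup/logs/rollover-certs-letsencrypts-$TIMESTAMP.log"
# tee cannot create the log if its directory is missing.
mkdir -p -- "${LOG%/*}"
exec 1>> >(tee -a "$LOG")
exec 2>&1
##############################################################################

# The rest of the script expands CERTS_LETSENCRYPT into paths such as
# "$CERTS_LETSENCRYPT/*". An empty value would turn that into "/*", and several
# matches (e.g. a duplicated lineage directory) would produce a multi-line
# value, so stop here unless exactly one existing directory was found.
if [[ -z "$CERTS_LETSENCRYPT" || "$CERTS_LETSENCRYPT" == *$'\n'* || ! -d "$CERTS_LETSENCRYPT" ]]; then
  echo "Diretorio de certificados Let's Encrypt ausente ou ambiguo: '$CERTS_LETSENCRYPT'"
  echo "Falha detectada, abortando..."
  exit 1
fi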

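echo -e "\n\n===== INICIANDO SCRIPT DE RENOVACAO DE CERTIFICADOS SSL LETSENCRYPT PARA ZIMBRA ====="
sleep 3

echo -e "==== ROTINAS DE BACKUP DOS ARQUIVOS SSL DE PRODUCAO EM: $TIMESTAMP\n"
echo -e "==== INICIANDO ROTINAS DE BACKUPS DE ARQUIVOS"
sleep 3

# The backup tree receives copies of private keys, so keep it readable by root
# only. mkdir -p also makes a second run on the same day work.
if ! mkdir -p -- "$BACKUP_FOLDER" || ! chmod 700 -- "$BACKUP_FOLDER"; then
  echo "Falha detectada, abortando..."
  exit 1
fi

#######################################
# Copies every file of a source directory into a subfolder of BACKUP_FOLDER.
# "OK" is printed only after the copy has actually succeeded.
# Globals:   BACKUP_FOLDER (read)
# Arguments: $1 - progress label printed before the copy
#            $2 - name of the subfolder to create under BACKUP_FOLDER
#            $3 - source directory
# Outputs:   label followed by "OK", or the failure message
# Returns:   0 on success; exits the script with status 1 on any failure
# Note:      leaves the working directory inside the subfolder, as the original
#            sequence of cd commands did (a later step writes a relative path).
#######################################
backup_dir() {
  local label=$1 name=$2 src=$3
  echo -n "$label"
  # An empty source would make "$src"/* expand to /*, so reject it explicitly.
  if [[ -n "$src" ]] \
    && mkdir -p -- "$BACKUP_FOLDER/$name" \
    && cd -- "$BACKUP_FOLDER/$name" \
    && cp -- "$src"/* .; then
    echo "OK"
  else
    echo "Falha detectada, abortando..."
    exit 1
  fi
}

backup_dir "1) Criando backup dos arquivos letsencrypt atuais: " zimbra-letsencrypt "$ZIMBRA_LETSENCRYPT"
backup_dir "2) Criando backup dos arquivos zimbra commercial atuais: " zimbra-commercial "$ZIMBRA_SSL_COMM"
backup_dir "3) Criando backup dos arquivos Lets encrypt LIVE: " letsencrypt-live "$CERTS_LETSENCRYPT"
sleep 2

echo -e "\n==== os backups dos certificados foram feitos com sucesso ====\n"
sleep 3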


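# Refuse to stop the mail services unless the certificate directory resolved to
# one existing directory: every step after the renewal reads from it.
if [[ -z "$CERTS_LETSENCRYPT" || ! -d "$CERTS_LETSENCRYPT" ]]; then
  echo "Falha detectada, abortando..."
  exit 1
fi

#######################################
# Aborts the run after a failure that happened BEFORE the new certificate was
# deployed: starts the two services this script stopped, so mail does not stay
# down with the previous certificate still in place, then exits.
# Outputs:   the failure message
# Returns:   never returns; exits the script with status 1
#######################################
abort_restoring_services() {
  echo "Falha detectada, abortando..."
  su - zimbra -c "/opt/zimbra/bin/zmmailboxdctl start"
  su - zimbra -c "/opt/zimbra/bin/zmproxyctl start"
  exit 1
}

echo "###########################################################################################"
echo "######                    PARANDO OS SERVICOS DO ZMPROXY E ZMAILBOXD                  #####"
echo "###########################################################################################"
sleep 3
echo "++++++ PARANDOS OS SERVICOS NGINX E JETTY DO ZIMBRA SERVER COM O USER ZIMBRA +++++++"

# The proxy and mailboxd are stopped before the --standalone renewal below.
# A non-zero status is only reported here: if a port is still in use, the
# renewal command fails and the run is aborted at that point.
if ! su - zimbra -c "/opt/zimbra/bin/zmproxyctl stop"; then
  echo "AVISO: zmproxyctl stop retornou erro"
fi
echo "ZMPROXY PARADO"
sleep 15
if ! su - zimbra -c "/opt/zimbra/bin/zmmailboxdctl stop"; then
  echo "AVISO: zmmailboxdctl stop retornou erro"
fi
echo "ZMMAILBOXD PARADO"
sleep 15

echo "==== SERVICOS ZIMBRA PARADOS COM SUCESSO!! ===="
# The original script had a bare "exit" here: it ended the run with both
# services stopped and made the whole renewal below unreachable.

###########################################################################################
##### BACK UP THE CERTIFICATES CURRENTLY IN PRODUCTION                                #####
###########################################################################################

# Archive Zimbra's Let's Encrypt folder. The archive contains the private key,
# so it is written root-only (umask 077 in a subshell) to an explicit path
# inside the dated backup folder instead of the current directory.
if ! (umask 077 && tar -cvzf "$BACKUP_FOLDER/backup_certs_letsencrypt_$TIMESTAMP.tar.gz" "$ZIMBRA_LETSENCRYPT"/*); then
  abort_restoring_services
fi

# Issue the new Let's Encrypt certificate for the mail domain.
# NOTE(review): letsencrypt-auto/certbot-auto is no longer maintained upstream;
# consider a packaged certbot. When run unattended, confirm the client does not
# wait for a prompt (certbot has --non-interactive for that).
/root/letsencrypt/letsencrypt-auto certonly --standalone -d exemplo.com.br >> "$LOG" \
  || abort_restoring_services

# Build the chain file: intermediate chain followed by the root certificate.
cd -- "$CERTS_LETSENCRYPT" || abort_restoring_services
cat chain.pem /root/scripts/cert-root-letsencrypt.crt > chain-new.pem \
  || abort_restoring_services

echo "#====== COPIANDO OS ARQUIVOS DA PASTA LETS ENCRYPT PARA A PASTA $ZIMBRA_LETSENCRYPT ======="
sleep 5
cp -- ./* "$ZIMBRA_LETSENCRYPT"/ || abort_restoring_services
echo "COPIA DE ARQUIVOS LETSENCRYT CONCLUIDA: OK"
chown zimbra:zimbra "$ZIMBRA_LETSENCRYPT"/* || abort_restoring_services
echo "PERMISSOES DE ARQUIVO ZIMBRA: OK"

# The original ran a bare "su zimbra" here, which opens an interactive shell and
# blocks an unattended run. It also passed relative file names to commands run
# through "su - zimbra", which start in the zimbra home directory rather than in
# the certificate folder. Absolute paths avoid both problems.
NEW_KEY="$ZIMBRA_LETSENCRYPT/privkey.pem"
NEW_CERT="$ZIMBRA_LETSENCRYPT/cert.pem"
NEW_CHAIN="$ZIMBRA_LETSENCRYPT/chain-new.pem"

# Verify key, certificate and chain before touching the production files.
# The output is printed once (and so logged); as in the original, success is
# decided by the presence of "OK" in it.
verify_out=$(su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm '$NEW_KEY' '$NEW_CERT' '$NEW_CHAIN'")
printf '%s\n' "$verify_out"
if ! grep -q OK <<<"$verify_out"; then
  abort_restoring_services
fi

# Keep a full copy of the current Zimbra SSL tree for manual rollback.
if ! mkdir -p "/opt/zimbra/ssl/zimbra.$TIMESTAMP" \
  || ! cp -a /opt/zimbra/ssl/zimbra "/opt/zimbra/ssl/zimbra.$TIMESTAMP"; then
  abort_restoring_services
fi
echo "REALIZANDO BACKUP DOS CERTIFICADOS: OK"

# Install the new private key where zmcertmgr expects the commercial key.
# The copy runs as root, so ownership and mode are set explicitly.
# NOTE(review): 640 zimbra:zimbra is assumed to suit this install; confirm.
cp -- "$NEW_KEY" "$ZIMBRA_SSL_COMM/commercial.key" || abort_restoring_services
chown zimbra:zimbra "$ZIMBRA_SSL_COMM/commercial.key" || abort_restoring_services
chmod 640 "$ZIMBRA_SSL_COMM/commercial.key" || abort_restoring_services

sleep 10

# Deploy, then restart Zimbra whatever the outcome so the services stopped
# above come back. Success is reported only after deploycrt has succeeded.
status=0
if su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm '$NEW_CERT' '$NEW_CHAIN'" >> "$LOG"; then
  echo "DEPLOY REALIZADO COM SUCESSO!!"
else
  # commercial.key was already replaced; the previous tree is in the backup.
  echo "Falha detectada, abortando..."
  echo "Backup anterior em /opt/zimbra/ssl/zimbra.$TIMESTAMP"
  status=1
fi

if ! su - zimbra -c "/opt/zimbra/bin/zmcontrol restart"; then
  echo "AVISO: zmcontrol restart retornou erro"
  status=1
fi

if [[ "$status" -ne 0 ]]; then
  exit 1
fi

echo "RENOVAÇÃO DE CERTIFICADOS REALIZADA COM SUCESSO!" >> "$LOG"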



