-
Notifications
You must be signed in to change notification settings - Fork 77
/
cli-help.txt
35 lines (28 loc) · 2.86 KB
/
cli-help.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Usage: certbot_zimbra.sh [ -d | -n | -p ] [options]...
This script automates installing, renewing and deploying ACME certificates to Zimbra. It's a wrapper around Certbot and Zimbra tools.
Options:
Only one option at a time can be supplied. Options cannot be chained.
Mode selection:
-p | --patch-only: does only nginx patching. Useful to be called before renew, in case nginx templates have been overwritten by an upgrade.
-n | --new: performs a request for a new certificate ("certonly"). Can be used to update the domains in an existing certificate.
-d | --deploy-only: Just deploys certificates. Will detect if it's being run from Certbot renew_hook or --deploy-hook and only deploy if env variable RENEWED_DOMAINS matches the hostname. If run standalone, assumes valid certificates are in /etc/letsencrypt/live.
Global options:
-c | --prompt-confirm: ask for confirmation.
-q | --quiet: Do not output anything except errors. Useful for scripts. Implies -N/--noninteractive.
-H | --hostname <my.host.name>: hostname being requested. If not passed it's automatically detected using "zmhostname". Used as Zimbra server name in zmprov, CN and name for certificate.
Port check (--patch-only and --new):
-j | --no-port-check: disable port check.
-P | --port <port>: port the web server to use for the ACME HTTP-01 challenge is listening on. Is detected from zimbraMailProxyPort if not set. Mandatory with -x/--no-nginx unless -j/--no-port-check is set.
Nginx options (--patch-only and --new):
-w | --webroot "/path/to/www": path to the webroot of alternate webserver. Valid only with -x/--no-nginx.
-x | --no-nginx: Alternate webserver mode. Don't check and patch zimbra-proxy's nginx. Must also specify -P/--port and -w/--webroot.
Options for -n|--new:
-a | --agree-tos: agree with the Terms of Service of the ACME server (avoids prompt)
-L | --letsencrypt-params "--extra-le-parameter": Additional parameter to pass to Certbot. Must be repeated for each parameter and argument, e.g. -L "--preferred-chain" -L "ISRG Root X1"
-N | --noninteractive: Pass --non-interactive to Certbot.
--no-override-key-type-rsa: if Certbot >=v2.0.0 has been detected, do not override ECDSA to RSA with "--key-type rsa" (use this to get the default ECDSA key type, Zimbra does NOT support it!)
-e | --extra-domain <extra.domain.tld>: additional domain names being requested. Can be used multiple times. Implies -u/--no-public-hostname-detection.
-u | --no-public-hostname-detection: do not detect additional hostnames from domain zimbraPublicServiceHostname and zimbraVirtualHostname.
Deploy options:
-s | --services <service_names>: comma-separated list of services to be used for a certificate. Passed to 'zmcertmgr'. Valid services are 'all' or any of: ldap,mailboxd,mta,proxy,imapd. Default: 'all'
-z | --no-zimbra-restart: do not restart Zimbra after a certificate deployment