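#!/bin/sh
# Down and dirty means to renew a LetsEncrypt cert with Zimbra.
#
# The LE certs are copied to a staging dir first so a bad run does not bork
# the live certs and force another round of certbot tomfoolery.
#
# Steps:
#   1. delete the old copied certs
#   2. copy the new certs to the zimbra cert staging dir
#   3. copy the LE private key to commercial.key
#   4/5. change ownership of the copied files to zimbra
#   6. grab the LE root cert
#   7. append the root cert to chain.pem
#   8. verify that commercial.key, cert and chain work together
#   9. deploy to zimbra
#
# Usage (as root):  LE_DOMAIN=<certbot-lineage-name> sh this-script.sh
#
# The original listing had the lineage directory elided
# ("/etc/letsencrypt/live//*"), so it must be supplied explicitly.

# Abort on the first failing step. Without this a failed download or a
# failed verifycrt would still be followed by deploycrt.
set -eu

LE_DOMAIN="${LE_DOMAIN:?set LE_DOMAIN to the directory name under /etc/letsencrypt/live}"

# The value becomes part of a path used by root; refuse anything that could
# step outside /etc/letsencrypt/live.
case "$LE_DOMAIN" in
  */* | .*)
    echo "LE_DOMAIN must be a plain directory name" >&2
    exit 1
    ;;
esac

LE_LIVE="/etc/letsencrypt/live/$LE_DOMAIN"
STAGE="/opt/zimbra/ssl/letsencrypt"
COMM_KEY="/opt/zimbra/ssl/zimbra/commercial/commercial.key"
ROOT_PEM="$STAGE/ISRG-X1.pem"
ROOT_URL="https://letsencrypt.org/certs/isrgrootx1.pem.txt"

# Confirm the source material exists before the old staged copies are
# deleted, so a typo in LE_DOMAIN cannot leave the staging dir empty.
for f in cert.pem chain.pem privkey.pem; do
  if [ ! -f "$LE_LIVE/$f" ]; then
    echo "missing $LE_LIVE/$f" >&2
    exit 1
  fi
done

# Files created below include copies of the private key; keep them
# readable by their owner only.
umask 077

# --- as root ---
# -f: an empty staging dir (first run) is not an error.
rm -f -- "$STAGE"/*
cp -- "$LE_LIVE"/* "$STAGE"/
chown zimbra:zimbra "$STAGE"/*
cp -- "$STAGE/privkey.pem" "$COMM_KEY"
chown zimbra:zimbra "$COMM_KEY"
# cp keeps the mode of an already existing destination, so set it explicitly.
chmod 600 "$COMM_KEY"

# --- as zimbra ---
su - zimbra -c "wget -O $ROOT_PEM $ROOT_URL"

# The downloaded file is about to become the trust anchor of the chain.
# Make sure it parses as a certificate and print its SHA-256 fingerprint so
# it can be compared with the value Let's Encrypt publishes (obtained out of
# band). Keeping a vetted local copy instead of downloading on every run
# removes this dependency on the network entirely.
su - zimbra -c "openssl x509 -in $ROOT_PEM -noout -fingerprint -sha256"

# chain.pem was freshly copied above, so the root is appended exactly once.
su - zimbra -c "cat $ROOT_PEM >> $STAGE/chain.pem"

# Deploy only runs if verification succeeded (set -e).
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm $COMM_KEY $STAGE/cert.pem $STAGE/chain.pem"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm $STAGE/cert.pem $STAGE/chain.pem"

# NOTE: no Zimbra restart is performed here; services keep using the old
# certificate until they are restarted.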