Carbonio CE can renew the certificates manually using the standard certbot interface or automatically.
Commands for the manual renewal must be issued as the zextras user.
The manual renewal amounts to launch command certbot renew on the Node installing the Proxy Role.
In case your Carbonio CE infrastructure has multiple Proxy Nodes, first find the one which is responsible for the certificate management, using command
zextras$ certbot certificates
If the output contains something like the following, you are on the right Node:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Serial Number: serial number
Key Type: ECDSA
Domains: demo.zextras.io
Expiry Date: 2024-01-31 12:50:33+00:00 (VALID: 14 days)
Certificate Path: certificate path /fullchain.pem
Private Key Path: private key path /privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
To renew the Let’s Encrypt certificate, issue command
zextras$ certbot renew
This command attempts to renew any previously-obtained certificates that expire in less than 30 days.
Once the certificate has been renewed, run the two deployment commands
zextras$ /opt/zextras/libexec/zmproxyconfgen
zextras$ /opt/zextras/bin/zmproxyctl reload
In case you have multiple Proxy Nodes, run the two commands on all Proxy Nodes.