Script hung on 1st install on NGIX patch
lovelord83 opened this issue · 2 comments
Checking for dependencies...
Detected Zimbra 8.8.15 on UBUNTU18_64
Using zmhostname to detect domain name.
Using domain name zimbra.ui.prato.it (as certificate DN)
Checking zimbra-proxy is running and enabled
Detecting port from zimbraMailProxyPort
Checking if process is listening on port 80 with name "nginx" user "zimbra"
Making a backup of nginx templates in "/opt/zimbra/conf/nginx/templates.20240305_095439"
Patching nginx templates... Error! <---- ERROR
Restoring old templates... Success.
Error patching nginx templates.
An error seems to have occurred. Please read the output above for clues and try to rectify the situation.
If you believe this is an error with the script, please file an issue at https://github.com/YetOpen/certbot-zimbra . Exiting.
root@zimbra:/tmp/certbot-zimbra-1.0.2# bash -x certbot_zimbra.sh -n
+ readonly progname=certbot_zimbra.sh
+ progname=certbot_zimbra.sh
+ readonly version=1.0.2
+ version=1.0.2
+ readonly github_url=https://github.com/YetOpen/certbot-zimbra
+ github_url=https://github.com/YetOpen/certbot-zimbra
+ readonly 'copyright=Copyright (c) 2023 Lorenzo Milesi <maxxer@yetopen.com>, Jernej Jakob <jernej.jakob@gmail.com>'
+ copyright='Copyright (c) 2023 Lorenzo Milesi <maxxer@yetopen.com>, Jernej Jakob <jernej.jakob@gmail.com>'
+ readonly zmpath=/opt/zimbra
+ zmpath=/opt/zimbra
+ readonly zmwebroot=/opt/zimbra/data/nginx/html
+ zmwebroot=/opt/zimbra/data/nginx/html
+ readonly le_conf_path=/etc/letsencrypt
+ le_conf_path=/etc/letsencrypt
+ readonly le_conf_renewal_path=/etc/letsencrypt/renewal
+ le_conf_renewal_path=/etc/letsencrypt/renewal
+ readonly le_live_path=/etc/letsencrypt/live
+ le_live_path=/etc/letsencrypt/live
+ readonly temppath=/run/certbot_zimbra.sh
+ temppath=/run/certbot_zimbra.sh
+ readonly zmprov_opts=-l
+ zmprov_opts=-l
+ readonly ca_certificates_file=/etc/ssl/certs/ca-certificates.crt
+ ca_certificates_file=/etc/ssl/certs/ca-certificates.crt
+ readonly pki_ca_bundle_file=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+ pki_ca_bundle_file=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
+ webroot=
+ certpath=
+ le_bin=
+ le_params=()
+ le_agree_tos=false
+ le_noniact=false
+ le_override_key_type_rsa=true
+ extra_domains=()
+ no_nginx=false
+ deploy_only=false
+ new_cert=false
+ services=all
+ patch_only=false
+ restart_zimbra=true
+ prompt_confirm=false
+ detect_public_hostnames=true
+ skip_port_check=false
+ port=
+ quiet=false
+ readonly min_certbot_version=0.19.0
+ min_certbot_version=0.19.0
+ detected_certbot_version=
+ locked=false
+ platform=
+ detected_zimbra_version=
+ trap exitfunc EXIT
+ (( 1 > 0 ))
+ case "$1" in
+ new_cert=true
+ shift
+ (( 0 > 0 ))
+ readonly deploy_only new_cert patch_only le_agree_tos le_noniact le_override_key_type_rsa detect_public_hostnames skip_port_check no_nginx services restart_zimbra prompt_confirm quiet
+ false
+ false
+ false
+ true
+ false
+ false
+ false
+ true
+ false
+ false
+ [[ -n '' ]]
+ false
+ false
+ printf '%s\n' 'certbot_zimbra.sh v1.0.2 - https://github.com/YetOpen/certbot-zimbra'
certbot_zimbra.sh v1.0.2 - https://github.com/YetOpen/certbot-zimbra
+ bootstrap
+ check_user
+ (( EUID != 0 ))
+ make_temp
+ mkdir --mode=750 -p /run/certbot_zimbra.sh
+ chown root:zimbra /run/certbot_zimbra.sh
+ get_lock
+ exec
+ flock -n 200
+ locked=true
+ readonly locked
+ check_depends
+ false
+ printf 'Checking for dependencies...\n'
Checking for dependencies...
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash sudo
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash openssl
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash grep
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash sort
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash head
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash sed
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash chmod
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash chown
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash cat
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash cp
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash awk
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash /opt/zimbra/bin/zmhostname
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash /opt/zimbra/bin/zmcertmgr
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash /opt/zimbra/bin/zmcontrol
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash /opt/zimbra/bin/zmprov
+ for name in sudo openssl grep sort head sed chmod chown cat cp awk "$zmpath/bin/zmhostname" "$zmpath/bin/zmcertmgr" "$zmpath/bin/zmcontrol" "$zmpath/bin/zmprov" "$zmpath/libexec/get_plat_tag.sh"
+ hash /opt/zimbra/libexec/get_plat_tag.sh
+ check_depends_ca
+ [[ -r /etc/ssl/certs/ca-certificates.crt ]]
+ return
++ /opt/zimbra/libexec/get_plat_tag.sh
+ platform=UBUNTU18_64
+ readonly platform
++ sudo -in -u zimbra -- '$HOME/bin/zmcontrol' -v
++ grep -Po '(\d+).(\d+).(\d+)'
++ head -n 1
+ detected_zimbra_version=8.8.15
+ readonly detected_zimbra_version
+ [[ -z 8.8.15 ]]
+ false
+ printf 'Detected Zimbra %s on %s\n' 8.8.15 UBUNTU18_64
Detected Zimbra 8.8.15 on UBUNTU18_64
+ get_domain
+ [[ -z '' ]]
+ false
+ printf 'Using zmhostname to detect domain name.\n'
Using zmhostname to detect domain name.
++ /opt/zimbra/bin/zmhostname
+ domain=zimbra.ui.prato.it
+ [[ -z zimbra.ui.prato.it ]]
+ false
+ printf 'Using domain name %s (as certificate DN)\n' zimbra.ui.prato.it
Using domain name zimbra.ui.prato.it (as certificate DN)
+ false
+ return 0
+ return 0
+ false
+ false
+ webroot=/opt/zimbra/data/nginx/html
+ readonly webroot
+ check_zimbra_proxy
+ [[ -z zimbra.ui.prato.it ]]
+ false
+ printf 'Checking zimbra-proxy is running and enabled\n'
Checking zimbra-proxy is running and enabled
+ sudo -in -u zimbra -- '$HOME/bin/zmproxyctl' status
+ sudo -in -u zimbra -- '$HOME/bin/zmprov' -l gs zimbra.ui.prato.it zimbraReverseProxyHttpEnabled
+ grep -q TRUE
+ [[ -z '' ]]
+ false
+ printf 'Detecting port from zimbraMailProxyPort\n'
Detecting port from zimbraMailProxyPort
++ sudo -in -u zimbra -- '$HOME/bin/zmprov' -l gs zimbra.ui.prato.it zimbraMailProxyPort
++ sed -n 's/zimbraMailProxyPort: //p'
+ port=80
+ [[ -z 80 ]]
+ [[ 80 != \8\0 ]]
+ check_port 80 nginx zimbra
+ false
+ [[ -z 80 ]]
+ false
+ printf 'Checking if process is listening on port %s\n' '80 with name "nginx" user "zimbra"'
Checking if process is listening on port 80 with name "nginx" user "zimbra"
+ declare -a check_bin
+ declare grep_filter=
+ hash lsof
+ check_bin=("lsof" "-i" ":$1" "-s" "TCP:LISTEN" "-a" "-n")
+ grep_filter='nginx.*zimbra'
++ lsof -i :80 -s TCP:LISTEN -a -n
++ grep -c 'nginx.*zimbra'
+ (( 4 == 0 ))
+ return 0
+ patch_nginx
+ [[ ! -d /opt/zimbra/conf/nginx/includes ]]
+ grep -r -q acme-challenge /opt/zimbra/conf/nginx/templates
+ [[ -z /opt/zimbra/data/nginx/html ]]
+ set -e
++ date +%Y%m%d_%H%M%S
+ local bkdate=20240305_095359
+ false
+ printf 'Making a backup of nginx templates in "%s"\n' /opt/zimbra/conf/nginx/templates.20240305_095359
Making a backup of nginx templates in "/opt/zimbra/conf/nginx/templates.20240305_095359"
+ cp -a /opt/zimbra/conf/nginx/templates /opt/zimbra/conf/nginx/templates.20240305_095359
+ set +e
+ false
+ printf 'Patching nginx templates... '
Patching nginx templates... + e=0
+ for file in http.default https.default http https
+ awk -v webroot=/opt/zimbra/data/nginx/html -v progname=certbot_zimbra.sh -f - /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.http.default.template
+ e=1
+ (( e != 0 ))
+ break
+ (( e != 0 ))
+ false
+ printf 'Error!\nRestoring old templates... '
Error!
Restoring old templates... + cp -a /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.docs.common.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.docs.upstream.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.mail.imap.default.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.mail.imaps.default.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.mail.imaps.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.mail.imap.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.mail.pop3.default.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.mail.pop3s.default.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.mail.pop3s.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.mail.pop3.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.mail.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.main.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.memcache.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.admin.default.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.admin.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.http.default.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.http.mode-both.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.http.mode-https.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.http.mode-http.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.http.mode-mixed.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.http.mode-redirect.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.https.default.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.https.mode-both.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.https.mode-https.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.https.mode-http.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.https.mode-mixed.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.https.mode-redirect.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.https.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.http.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.sso.default.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.sso.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.web.template /opt/zimbra/conf/nginx/templates.20240305_095359/nginx.conf.zmlookup.template /opt/zimbra/conf/nginx/templates/
+ false
+ printf 'Success.\n'
Success.
+ false
+ printf 'Error patching nginx templates.\n'
Error patching nginx templates.
+ exit 1
+ exitfunc
+ e=1
+ (( e != 0 ))
+ false
+ printf '\nAn error seems to have occurred. Please read the output above for clues and try to rectify the situation.\nIf you believe this is an error with the script, please file an issue at %s . Exiting.\n' https://github.com/YetOpen/certbot-zimbra
An error seems to have occurred. Please read the output above for clues and try to rectify the situation.
If you believe this is an error with the script, please file an issue at https://github.com/YetOpen/certbot-zimbra . Exiting.
+ exec
+ true
+ rm /run/certbot_zimbra.sh/certbot_zimbra.sh.lck
+ exit 1
Is it possible the nginx template are not the original ones?
(friendly note: I wouldn't advertise public domain name of such an old and unpatched version)
Is it possible the nginx template are not the original ones?
(friendly note: I wouldn't advertise public domain name of such an old and unpatched version)
Mmm not think so, never installed this script on this server. System is not manually modified. If you need some specific files details I can cat and quote here. Let me know.