This shows you the differences between two versions of the page.
internet:security:ssl_cert_letsencrypt_zimbra [2021/06/15 09:43] gcooper |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Using LetsEncrypt SSL Certificates with Zimbra ====== | ||
- | <note important> | ||
- | |||
- | https:// | ||
- | |||
- | https:// | ||
- | |||
- | https:// | ||
- | </ | ||
- | |||
- | https:// | ||
- | |||
- | https:// | ||
- | |||
- | ===== Install CertBot ===== | ||
- | |||
- | You can use the install wizard at the '' | ||
- | |||
- | https:// | ||
- | |||
- | ==== CentOS 7 ==== | ||
- | |||
- | < | ||
- | yum install certbot --enablerepo=epel | ||
- | </ | ||
- | |||
- | ==== Ubuntu 16.04 ==== | ||
- | |||
- | :!: The PPA is for Ubuntu versions up to 18.04. | ||
- | |||
- | < | ||
- | apt-get update | ||
- | apt-get install software-properties-common | ||
- | add-apt-repository universe | ||
- | add-apt-repository ppa: | ||
- | apt-get update | ||
- | apt-get install certbot | ||
- | </ | ||
- | |||
- | ==== Ubuntu 20.04 ==== | ||
- | |||
- | < | ||
- | apt-get update | ||
- | apt-get install certbot | ||
- | </ | ||
- | |||
- | ===== Disable Packaged Auto Renewal ===== | ||
- | |||
- | When installing '' | ||
- | |||
- | < | ||
- | systemctl stop certbot.timer && systemctl disable certbot.timer | ||
- | |||
- | vim / | ||
- | </ | ||
- | |||
- | **Comment out the last line.** | ||
- | |||
- | <note warning> | ||
- | |||
- | ===== New LetsEncrypt Certificate ===== | ||
- | |||
- | <note important> | ||
- | |||
- | < | ||
- | rm -f certbot_zimbra.sh | ||
- | wget https:// | ||
- | chmod +x certbot_zimbra.sh | ||
- | ./ | ||
- | </ | ||
- | |||
- | ===== Renew LetsEncrypt Certificate ===== | ||
- | |||
- | :!: If the existing certificate has **expired**, | ||
- | |||
- | < | ||
- | ./ | ||
- | </ | ||
- | |||
- | ===== Automatic Renewals ===== | ||
- | |||
- | < | ||
- | mv certbot_zimbra.sh / | ||
- | </ | ||
- | |||
- | < | ||
- | vim / | ||
- | </ | ||
- | |||
- | < | ||
- | # certbot_zimbra.sh requires bash and a path with /usr/sbin | ||
- | SHELL=/ | ||
- | PATH=/ | ||
- | |||
- | # Replace / | ||
- | 12 5 * * * root / | ||
- | </ | ||
- | |||
- | :!: Once your '' | ||
- | |||
- | < | ||
- | >> /dev/null 2>&1 | ||
- | </ | ||
- | |||
- | ===== Troubleshooting ===== | ||
- | |||
- | < | ||
- | tail -f / | ||
- | cat / | ||
- | |||
- | certbot certificates | ||
- | |||
- | cat / | ||
- | |||
- | cat / | ||
- | </ | ||
- | |||
- | ==== View Deployed Certs ==== | ||
- | |||
- | < | ||
- | su - zimbra | ||
- | / | ||
- | </ | ||
- | |||
- | ==== Trouble Renewing ==== | ||
- | |||
- | If you see an error like this in the log: | ||
- | < | ||
- | |||
- | WARNING: | ||
- | </ | ||
- | |||
- | :!: This is probably due to a **SAN hostname**. | ||
- | |||
- | Try adding the missing line from the '' | ||
- | |||
- | < | ||
- | vim / | ||
- | </ | ||
- | |||
- | < | ||
- | hostname.domain.tld = / | ||
- | sanhostname.domain.tld = / | ||
- | </ | ||
- | |||
- | Then re-run the '' | ||
- | |||
- | <note warning> | ||
- | |||
- | Use of '' | ||
- | |||
- | < | ||
- | / | ||
- | </ |
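Review bot: the whole page is removed in this revision (every line from "Line 1" onward is on the minus side and the current side is empty), and nothing is left behind to say where the procedure went. Hosts set up from it have `certbot.timer` stopped and disabled under "Disable Packaged Auto Renewal" and depend on the root cron entry `12 5 * * * root /` under "Automatic Renewals", so an admin who comes back for the "Renew LetsEncrypt Certificate" or "Trouble Renewing" steps finds a blank page while renewal still hangs on that cron job. Suggest keeping a short stub that either links to the replacement page or states that the method is retired and that the packaged timer has to be re-enabled. If the content is being moved rather than dropped, the "New LetsEncrypt Certificate" block (`wget`, `chmod +x`, then run) shows no checksum or pinned-version step before the script is executed; that is worth adding in the new location.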