https://wiki.zimbra.com/wiki/JDunphy-Letsencrypt
https://github.com/JimDunphy/deploy-zimbra-letsencrypt.sh
su -
mkdir /opt/zimbra/.acme.sh; chown zimbra:zimbra /opt/zimbra/.acme.sh
su - zimbra
cd /opt/zimbra/.acme.sh
wget -O - https://get.acme.sh | sh
Set default CA to LetsEncrypt
su - zimbra
cd .acme.sh/
./acme.sh --set-default-ca --preferred-chain "ISRG" --server letsencrypt
./acme.sh --upgrade
/opt/zimbra/bin/zmcertmgr viewdeployedcrt all
./acme.sh --list
Use the --renew flag for renewals. This will also deploy the updated cert.
acme.sh --issue --dns -d hostname.domain.tld -d san.domain.tld --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew
acme.sh --deploy --deploy-hook zimbra -d hostname.domain.tld -d san.domain.tld
See also Zimbra Self-Signed SSL Certs
If a cert is expired, you must reissue a new cert.
If a certificate renewal fails, try reissuing a new cert instead.
If you have trouble reissuing a new cert, recreate and deploy a new self-signed cert to get Zimbra 'working' again. Then re-implement a LetsEncrypt cert.
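The choice between renewing and reissuing in the notes above can be checked against the certificate file before running acme.sh. This is an added example, not part of the original wiki page or of acme.sh or Zimbra; the function name cert_action, the 30-day default window and the certificate path passed as an argument are assumptions.

```sh
#!/bin/sh
# Added example: classify a certificate so you know which path from the
# notes above applies. The certificate path is supplied by the caller
# (assumption: you know where your deployed or issued PEM file lives).

# cert_action CERT_PEM [DAYS]
#   prints one of: ok | renew | reissue | unreadable
cert_action() {
    cert=$1
    days=${2:-30}          # renewal window in days (assumed default)

    # Not a parseable X.509 certificate (missing file, wrong format, ...).
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable
        return 0
    fi

    # -checkend N exits non-zero if the cert will have expired N seconds
    # from now. N=0 means "already expired": a reissue is needed.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo reissue
        return 0
    fi

    # Still valid, but inside the renewal window: use the --renew path.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo renew
        return 0
    fi

    echo ok
}

# Stand-alone use: ./cert-action.sh /path/to/cert.pem [days]
if [ "$#" -gt 0 ]; then
    cert_action "$@"
fi
```

"reissue" corresponds to the expired-cert case above, "renew" to the --renew command, and "unreadable" means the file should be inspected by hand before anything is redeployed.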