Using LetsEncrypt SSL Certificates with Zimbra

https://wiki.zimbra.com/wiki/JDunphy-Letsencrypt

https://github.com/JimDunphy/deploy-zimbra-letsencrypt.sh

Your Zimbra will be restarted during this process, taking users offline!
When using DNS auth for LetsEncrypt, you cannot automatically renew unless your DNS is hosted by a provider with a supported API.
Be sure to include all Subject Alternative Hostnames (SANs) that you need on the certificate.
When creating or renewing without a DNS API, you run an 'issue' command, then add the TXT records it prints to your DNS, then rerun the 'issue' command with the --renew flag.

Install acme.sh

su - 
mkdir /opt/zimbra/.acme.sh; chown zimbra:zimbra /opt/zimbra/.acme.sh

su - zimbra
cd /opt/zimbra/.acme.sh
wget -O -  https://get.acme.sh | sh

Configure for LetsEncrypt

Set default CA to LetsEncrypt

su - zimbra
cd .acme.sh/
./acme.sh --set-default-ca --preferred-chain "ISRG" --server letsencrypt

Upgrade acme.sh

./acme.sh --upgrade

View Deployed Certs

Zimbra

/opt/zimbra/bin/zmcertmgr viewdeployedcrt all

acme.sh

./acme.sh --list

Create or Renew Cert

Use the --renew flag for renewals. This will also deploy the updated cert.

acme.sh --issue --dns -d hostname.domain.tld -d san.domain.tld --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew

Original Cert Deployment

acme.sh --deploy --deploy-hook zimbra -d hostname.domain.tld -d san.domain.tld
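Added example, not from this wiki page, acme.sh or Zimbra: a small POSIX shell checker that confirms the deployed certificate carries every SAN you passed with -d and flags an approaching expiry before the renewal window closes. The CERT_PATH default and the WARN_DAYS threshold are assumptions; adjust them for your deployment.

```shell
#!/bin/sh
# Added example, not part of the wiki page, acme.sh or Zimbra: check that the
# deployed Zimbra certificate carries every SAN listed on the command line
# and warn when it is close to expiry (an expired cert must be reissued).
# Assumptions: openssl is on PATH; CERT_PATH is the Zimbra commercial cert
# location, override it if your deployment differs.

CERT_PATH="${CERT_PATH:-/opt/zimbra/ssl/zimbra/commercial/commercial.crt}"
WARN_DAYS="${WARN_DAYS:-14}"

# Print the DNS SANs found in `openssl x509 -noout -text` output, one per line.
san_names() {
  printf '%s\n' "$1" \
    | sed -n '/X509v3 Subject Alternative Name/{n;p;}' \
    | tr ',' '\n' \
    | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# Print the required names absent from the cert text; exit status 1 if any.
missing_sans() {
  cert_text="$1"; shift
  present=$(san_names "$cert_text")
  rc=0
  for host in "$@"; do
    if ! printf '%s\n' "$present" | grep -qxF "$host"; then
      printf '%s\n' "$host"
      rc=1
    fi
  done
  return "$rc"
}

# Exit status 0 if the certificate file expires within $2 days.
expires_within_days() {
  ! openssl x509 -noout -in "$1" -checkend "$(( $2 * 86400 ))"
}

# Run the checks when hostnames are given and the cert file is readable.
if [ "$#" -gt 0 ] && [ -r "$CERT_PATH" ]; then
  cert_text=$(openssl x509 -noout -text -in "$CERT_PATH")
  if missing=$(missing_sans "$cert_text" "$@"); then
    echo "OK: all requested SANs are on $CERT_PATH"
  else
    echo "MISSING SANs (reissue with extra -d flags):"; echo "$missing"
  fi
  if expires_within_days "$CERT_PATH" "$WARN_DAYS"; then
    echo "WARNING: cert expires within $WARN_DAYS days; run the --renew step"
  fi
fi
```

Run it as the zimbra user with the same hostnames you gave acme.sh, e.g. sh check_zimbra_cert.sh hostname.domain.tld san.domain.tld.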

Troubleshooting

See also Zimbra Self-Signed SSL Certs

If a cert is expired, you must reissue a new cert.

If a certificate renewal fails, try reissuing a new cert instead.

If you have trouble reissuing a new cert, recreate and deploy a new self-signed cert to get Zimbra 'working' again. Then re-implement a LetsEncrypt cert.

internet/security/ssl_cert_letsencrypt_zimbra.1642441916.txt.gz · Last modified: 2022/01/17 10:51 by gcooper