internet:security:ssl_cert_letsencrypt_zimbra

Differences

This shows you the differences between two versions of the page.

internet:security:ssl_cert_letsencrypt_zimbra [2022/01/18 09:42]
gcooper
— (current)
Line 1: Line 1:
-====== Using LetsEncrypt SSL Certificates with Zimbra ====== 
- 
-https://wiki.zimbra.com/wiki/JDunphy-Letsencrypt 
- 
-https://github.com/JimDunphy/deploy-zimbra-letsencrypt.sh 
- 
-https://github.com/acmesh-official/acme.sh 
- 
-https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert 
- 
-https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode 
- 
-<note warning> 
-Your Zimbra will be restarted during this process, taking users offline! 
-</note> 
- 
-<note warning>When using DNS auth for LetsEncrypt, you cannot automatically renew unless your DNS is hosted by a provider with a supported API.</note> 
- 
-<note tip>Be sure to include all Subject Alternative Hostnames (SANs) that you need on the certificate.</note> 
- 
-<note tip>When creating or renewing without a DNS API, you run an 'issue' command, then ADD records to your DNS, then rerun the 'issue' command with the --renew flag.</note> 
- 
-===== Install acme.sh ===== 
- 
-<file> 
-su -  
-mkdir /opt/zimbra/.acme.sh; chown zimbra:zimbra /opt/zimbra/.acme.sh 
- 
-su - zimbra 
-cd /opt/zimbra/.acme.sh 
-wget -O -  https://get.acme.sh | sh 
-</file> 
- 
-===== Configure for LetsEncrypt ===== 
- 
-Set defalt CA to LetsEncrypt 
- 
-<file> 
-su - zimbra 
-cd .acme.sh/ 
-./acme.sh --set-default-ca --preferred-chain "ISRG" --server letsencrypt 
-</file> 
- 
-===== Upgrade acme.sh ===== 
- 
-<file> 
-./acme.sh --upgrade 
-</file> 
- 
-===== View Deployed Certs ===== 
- 
-==== Zimbra ==== 
- 
-<file> 
-/opt/zimbra/bin/zmcertmgr viewdeployedcrt all 
-</file> 
- 
-==== acme.sh ==== 
- 
-<file> 
-./acme.sh --list 
-</file> 
- 
-===== Create or Renew Cert ===== 
- 
-Use the ''--renew'' flag for renewals.  This will also deploy the updated cert. 
- 
-<file> 
-acme.sh --issue --dns -d hostname.domain.tld -d san.domain.tld --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew 
-</file> 
- 
-===== Original Cert Deployment ===== 
- 
-<file> 
-acme.sh --deploy --deploy-hook zimbra -d hostname.domain.tld -d san.domain.tld 
-</file> 
- 
-===== Troubleshooting ===== 
- 
-See also **[[internet:mail:zimbra:zimbra_ssl#self-signed_certificates|Zimbra Self-Signed SSL Certs]]** 
- 
-If a cert is expired, you must reissue a new cert. 
- 
-If a certificate renewal fails, try reissuing a new cert instead. 
- 
-If you have trouble reissuing a new cert, recreate and deploy a new self-signed cert to get Zimbra 'working' again.  Then re-implement a LetsEncrypt cert. 
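Review bot: In the "Install acme.sh" block, `wget -O -  https://get.acme.sh | sh` executes a remotely fetched script as the zimbra user with no chance to inspect it and no integrity check. If this text is carried over to another page, have it download the installer to a file (or clone the acme.sh repository already linked at the top at a fixed release), review it, and only then run it. Two smaller points in the same hunk: the "Create or Renew Cert" command passes `--issue` and `--renew` together, while the tip above it describes two separate runs with a DNS record added in between, so the two invocations should be shown one after the other; and "defalt" in "Set defalt CA to LetsEncrypt" is a typo.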
  
internet/security/ssl_cert_letsencrypt_zimbra.1642524146.txt.gz · Last modified: 2022/01/18 09:42 by gcooper