This shows you the differences between two versions of the page.
internet:security:ssl_cert_letsencrypt_zimbra [2022/08/02 09:26] gcooper |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Using LetsEncrypt SSL Certificates with Zimbra ====== | ||
- | |||
- | FIXME Need eval the latest info from Barry de Graaff (first link) | ||
- | |||
- | **Latest**: https:// | ||
- | |||
- | https:// | ||
- | |||
- | https:// | ||
- | |||
- | https:// | ||
- | |||
- | https:// | ||
- | |||
- | https:// | ||
- | |||
- | <note warning> | ||
- | Your Zimbra will be restarted during this process, taking users offline! | ||
- | </ | ||
- | |||
- | <note warning> | ||
- | |||
- | <note tip>Be sure to include all Subject Alternative Hostnames (SANs) that you need on the certificate.</ | ||
- | |||
- | <note tip>When creating or renewing without a DNS API, you run an ' | ||
- | |||
- | ===== Install acme.sh ===== | ||
- | |||
- | < | ||
- | su - | ||
- | mkdir / | ||
- | |||
- | su - zimbra | ||
- | cd / | ||
- | wget -O - https:// | ||
- | </ | ||
- | |||
- | ===== Configure for LetsEncrypt ===== | ||
- | |||
- | Set defalt CA to LetsEncrypt | ||
- | |||
- | < | ||
- | su - zimbra | ||
- | cd .acme.sh/ | ||
- | ./acme.sh --set-default-ca --preferred-chain " | ||
- | </ | ||
- | |||
- | ===== Upgrade acme.sh ===== | ||
- | |||
- | < | ||
- | ./acme.sh --upgrade | ||
- | </ | ||
- | |||
- | ===== View Deployed Certs ===== | ||
- | |||
- | ==== Zimbra ==== | ||
- | |||
- | < | ||
- | / | ||
- | </ | ||
- | |||
- | ==== acme.sh ==== | ||
- | |||
- | < | ||
- | ./acme.sh --list | ||
- | </ | ||
- | |||
- | ===== Create or Renew Cert ===== | ||
- | |||
- | Use the '' | ||
- | |||
- | < | ||
- | acme.sh --issue --dns -d hostname.domain.tld -d san.domain.tld --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew | ||
- | </ | ||
- | |||
- | ===== Original Cert Deployment ===== | ||
- | |||
- | < | ||
- | acme.sh --deploy --deploy-hook zimbra -d hostname.domain.tld -d san.domain.tld | ||
- | </ | ||
- | |||
- | ===== Troubleshooting ===== | ||
- | |||
- | See also **[[internet: | ||
- | |||
- | If a cert is expired, you must reissue a new cert. | ||
- | |||
- | If a certificate renewal fails, try reissuing a new cert instead. | ||
- | |||
- | If you have trouble reissuing a new cert, recreate and deploy a new self-signed cert to get Zimbra ' | ||
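
Review bot: Every line of the page is removed and the current revision is shown as empty, so the warning that "Your Zimbra will be restarted during this process" and the whole Troubleshooting section disappear with no replacement or pointer. If the procedure has moved or been superseded by the newer instructions the FIXME refers to, leave a short stub on this page that links to the new location. Otherwise, keep at least the restart warning and the expired-cert guidance until the replacement text is in place.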