See also Zimbra Self-Signed SSL Certs
Howto: https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate
If you have trouble reissuing a new cert, or if Zimbra won't start, recreate and deploy a new self-signed cert to get Zimbra 'working' again. Then re-implement a LetsEncrypt cert.
If a cert is expired, you must reissue a new cert.
If a certificate renewal fails, try reissuing a new cert instead.
```bash
#!/bin/bash
# Modification to suppress e-mailed cron job notifications every day.
# Note: cron only honours MAILTO when it is set in the crontab itself.
MAILTO=""

# Certbot stores the certificate under /etc/letsencrypt/live/<cert-name>,
# so every path below must use the same name as --cert-name.
CERT_NAME="zimbra3.virtualarchitects.com"
LIVE_DIR="/etc/letsencrypt/live/${CERT_NAME}"

# Stop here if certbot fails, rather than redeploying stale files.
/usr/local/sbin/certbot certonly --cert-name "${CERT_NAME}" \
    -d zimbra3.virtualarchitects.com -d zimbra.virtualarchitects.com \
    --standalone --manual-public-ip-logging-ok -n \
    --preferred-chain "ISRG Root X1" --agree-tos \
    --register-unsafely-without-email || exit 1

# Modification to test if cert was changed then exit script
if grep -q "not yet due for renewal" /var/log/letsencrypt/letsencrypt.log; then
    exit 0
fi

# Install the private key where Zimbra expects the commercial key
cp "${LIVE_DIR}/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key

# Build the chain file for Zimbra: chain.pem followed by the ISRG Root X1 root
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
rm -f "${LIVE_DIR}/chainZimbra.pem"
cp "${LIVE_DIR}/chain.pem" "${LIVE_DIR}/chainZimbra.pem"
cat /tmp/ISRG-X1.pem >> "${LIVE_DIR}/chainZimbra.pem"

chown zimbra:zimbra /etc/letsencrypt -R
cd /tmp
# Deploy the certificate and chain as the zimbra user
su zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm \"${LIVE_DIR}/cert.pem\" \"${LIVE_DIR}/chainZimbra.pem\""
rm -f "${LIVE_DIR}/chainZimbra.pem"
```
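A pre-deployment check for the three files the script above hands to Zimbra (commercial.key, cert.pem and the assembled chainZimbra.pem), as an added example that is not part of the original page or of Zimbra/certbot tooling. The function name `predeploy_check`, its return codes and the 7-day default are assumptions; it uses only the `openssl` command line.

```shell
#!/bin/bash
# Added example: sanity-check key, certificate and chain before zmcertmgr deploycrt.
# predeploy_check and its return codes are hypothetical, chosen for this example.
# Returns: 0 ok, 1 key/cert mismatch, 2 cert expires too soon, 3 chain does not verify.
predeploy_check() {
    local key="$1" cert="$2" chain="$3" min_days="${4:-7}"
    local key_pub cert_pub

    # 1. The private key must belong to the certificate: compare public keys.
    #    "openssl pkey" handles RSA and ECDSA keys alike.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "cannot read key: $key" >&2; return 1; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "cannot read cert: $cert" >&2; return 1; }
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # 2. A freshly issued cert should have plenty of lifetime left; an expired
    #    or nearly expired one means the issuance step did not produce a new cert.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "certificate expires within ${min_days} days (or is already expired)" >&2
        return 2
    fi

    # 3. The leaf must verify against the CAs in the assembled chain file
    #    (chain.pem plus the appended root).
    if ! openssl verify -CAfile "$chain" "$cert" >/dev/null 2>&1; then
        echo "certificate does not verify against chain: $chain" >&2
        return 3
    fi
    return 0
}

# Stand-alone use: <script> <key> <cert> <chain> [min_days]
if [ "$#" -ge 3 ]; then
    predeploy_check "$@"
    exit $?
fi
```

In the renewal script this would run just before the `zmcertmgr deploycrt` line, exiting without deploying on any non-zero return.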