Installing a LetsEncrypt SSL Certificate

Revision as of 09:58, 22 September 2021 by Barry de Graaff (talk | contribs)

Installing a Let's Encrypt SSL Certificate

   KB 22434        Last updated on 2021-09-22  

(one vote)


To use Zimbra with Let's Encrypt you have to use the --preferred-chain option.

You also need an up-to-date certbot, the ones packed in OS is too old. Consider using a snap.

In a scripted way, this is how I use it now, I run all these commands on a dedicated Letsencrypt VM and mail4 is my Zimbra server.

/usr/local/bin/certbot --manual --force-renewal --preferred-chain  "ISRG Root X1" --expand --manual-auth-hook /usr/local/sbin/ --manual-cleanup-hook /usr/local/sbin/ --preferred-challenges dns -d "" -d "*" -d "" -d "*" certonly --manual-public-ip-logging-ok -n

/usr/bin/scp -r /etc/letsencrypt/live/* root@mail4:/etc/letsencrypt/live/
/usr/bin/ssh root@mail4 'cp /etc/letsencrypt/live/ /opt/zimbra/ssl/zimbra/commercial/commercial.key'
/usr/bin/ssh root@mail4 'chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key'
/usr/bin/ssh root@mail4 'wget -O /tmp/ISRG-X1.pem ''
/usr/bin/ssh root@mail4 'cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/'
/usr/bin/ssh zimbra@mail4 '/opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/ /etc/letsencrypt/live/'

Please note: You have to concatenate the isrgrootx1.pem CA certificate to the chain to make it work!!

Verified Against: Zimbra Collaboration 9.0, 8.8 Date Created: 22/09/2022
Article ID: Date Modified: 2021-09-22

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Wiki/KB reviewed by Jorge SME2 Copyeditor Last edit by Barry de Graaff
Jump to: navigation, search