Installing a LetsEncrypt SSL Certificate: Difference between revisions
Revision as of 09:58, 22 September 2021
Installing a Let's Encrypt SSL Certificate
Purpose
To use Zimbra with Let's Encrypt you have to use the --preferred-chain option.
You also need an up-to-date certbot; the versions packaged with the OS are too old. Consider using the snap: https://certbot.eff.org/lets-encrypt/ubuntufocal-apache.html
In a scripted way, this is how I use it now. I run all these commands on a dedicated Let's Encrypt VM, and mail4 is my Zimbra server.
 # On the Let's Encrypt VM: issue or renew the certificate using the DNS challenge
 /usr/local/bin/certbot --manual --force-renewal --preferred-chain "ISRG Root X1" --expand \
   --manual-auth-hook /usr/local/sbin/hook.sh --manual-cleanup-hook /usr/local/sbin/cleanhook.sh \
   --preferred-challenges dns -d "barrytest.tk" -d "*.barrytest.tk" -d "zimbratest.tk" -d "*.zimbratest.tk" \
   certonly --manual-public-ip-logging-ok -n
 # Copy the issued files to the Zimbra server
 /usr/bin/scp -r /etc/letsencrypt/live/barrytest.tk/* root@mail4:/etc/letsencrypt/live/barrytest.tk/
 # Install the private key where zmcertmgr expects the commercial key
 /usr/bin/ssh root@mail4 'cp /etc/letsencrypt/live/barrytest.tk/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key'
 /usr/bin/ssh root@mail4 'chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key'
 # Download the ISRG Root X1 certificate and append it to the chain
 /usr/bin/ssh root@mail4 'wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt'
 /usr/bin/ssh root@mail4 'cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/barrytest.tk/chain.pem'
 # Deploy the certificate and chain as the zimbra user
 /usr/bin/ssh zimbra@mail4 '/opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/barrytest.tk/cert.pem /etc/letsencrypt/live/barrytest.tk/chain.pem'
Please note: You have to concatenate the isrgrootx1.pem CA certificate to the chain to make it work!!
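The concatenation step can be made safer with a small guard. The following is an added example, not part of the original article or of Zimbra's tooling: it appends the downloaded root to chain.pem only when it is not already present, and refuses an empty or malformed download (wget -O leaves an empty file behind when the transfer fails). The function names pem_bodies, cert_count and ensure_root_in_chain are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: guarded replacement for "cat ISRG-X1.pem >> chain.pem".
# Function names are hypothetical; file paths are supplied by the caller.

# Print one line per certificate in a PEM file: the base64 body with
# whitespace removed, so line wrapping differences do not matter.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# Number of certificates in a PEM file.
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Append the root certificate to the chain unless it is already there.
# Returns 0 when the chain contains the root afterwards, 1 on bad input.
ensure_root_in_chain() {
    local chain=$1 root=$2 root_body
    # The chain must exist and be non-empty.
    [ -s "$chain" ] || return 1
    # The root file must hold exactly one certificate with a non-empty body.
    [ "$(cert_count "$root")" -eq 1 ] || return 1
    root_body=$(pem_bodies "$root")
    [ -n "$root_body" ] || return 1
    # Already present: nothing to do.
    if pem_bodies "$chain" | grep -qxF -- "$root_body"; then
        return 0
    fi
    # Make sure the chain ends with a newline before appending.
    [ -z "$(tail -c 1 "$chain")" ] || printf '\n' >> "$chain"
    cat "$root" >> "$chain"
}

# Usage on the Zimbra server, with the paths from the commands above:
#   ensure_root_in_chain /etc/letsencrypt/live/barrytest.tk/chain.pem /tmp/ISRG-X1.pem
```

If the function returns non-zero, stop before calling zmcertmgr deploycrt so a broken chain is never deployed.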