This article is a Community contribution and may include unsupported customizations.

This article is a step-by-step instruction on setting up Zimbra with Let’s Encrypt certificates.

If you are running a multi-server installation of Zimbra, it is recommended that you set up a dedicated VM for obtaining the Let’s Encrypt certificate and follow the steps under Manual installation of Let’s Encrypt on Zimbra.

This guide assumes you are using Ubuntu 20 and have set up a correct hostname and DNS. To check, run the following as user zimbra and verify that zmhostname is the same as hostname:

    source ~/bin/zmshutil
    hostname --fqdn

Next, you should have set up a CAA DNS record so that Let’s Encrypt can issue certificates for your domain. To check, run the following and make sure 0 issue "" is in the output:

    sudo apt install -y net-tools
    dig +short type257 $(hostname -d)

Next, check if Zimbra listens on port 80. Let’s Encrypt needs to be able to run a temporary webserver on port 80, so it cannot be used by Zimbra. This is not an issue as most browsers now try https first. The following command should not have any output:

In case your Zimbra is listening on port 80, you have to switch the proxy mode like this:

    zmprov ms `zmhostname` zimbraReverseProxyMailMode https
    zmprov ms `zmhostname` zimbraMailMode https

If you are having trouble setting up Zimbra you can use our automated installer that will take care of Let’s Encrypt also:

Certbot in the Ubuntu repositories is too old and cannot be used for Zimbra. The newer version can be installed via snap or pip. Run the commands below to install Certbot and obtain a certificate:

    apt install -y python3 python3-venv libaugeas0
    # create the virtual environment that provides /opt/certbot/bin/pip
    python3 -m venv /opt/certbot/
    /opt/certbot/bin/pip install --upgrade pip
    # install Certbot into the virtual environment
    /opt/certbot/bin/pip install certbot
    ln -s /opt/certbot/bin/certbot /usr/local/sbin/certbot
    /usr/local/sbin/certbot certonly -d $(hostname --fqdn) --standalone --preferred-chain "ISRG Root X1" --agree-tos --register-unsafely-without-email

Zimbra deployment

Create the following script that deploys the Let’s Encrypt certificate on Zimbra:

    cat > /usr/local/sbin/letsencrypt-zimbra > "/etc/letsencrypt/live/$(hostname --fqdn)/chainZimbra.pem"
    su zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm "/etc/letsencrypt/live/$(hostname --fqdn)/cert.pem" "/etc/letsencrypt/live/$(hostname --fqdn)/chainZimbra.pem"'
    rm -f "/etc/letsencrypt/live/$(hostname --fqdn)/chainZimbra.pem"

Set the correct permission, set up a cron job and run the deployment:

    chmod +rx /usr/local/sbin/letsencrypt-zimbra
    ln -s /usr/local/sbin/letsencrypt-zimbra /etc/cron.daily/letsencrypt-zimbra

Finally, restart Zimbra to load the new certificate:

    sudo su zimbra -c '/opt/zimbra/bin/zmcontrol restart'

The cron job will renew your certificate about 1 month prior to the expiration date; you need to manually restart Zimbra before the renewal date to load the new certificate.

Manual installation of Let’s Encrypt on Zimbra

Make sure to request a certificate with the --preferred-chain "ISRG Root X1" option.
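
The two prerequisites this guide checks by hand (a CAA record that permits Let’s Encrypt, and nothing listening on port 80) can be verified in one pass before certbot runs. The script below is an added example, not part of the original article or of Zimbra's tooling: the function names are hypothetical, and the use of `ss` and of `letsencrypt.org` as the CAA issuer value are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before running certbot in standalone mode.
# Function names are hypothetical; "letsencrypt.org" as the CAA issuer value
# and the use of `ss` are assumptions, not taken from the article.

# caa_allows CA : stdin is the output of `dig +short type257 <domain>`.
# Succeeds when no "issue" records exist (CAA does not restrict issuance)
# or when one of them names CA; fails when only other CAs (or ";") are listed.
caa_allows() {
    awk -v ca="$1" '
        $2 == "issue" {
            seen = 1
            v = $3
            gsub(/"/, "", v)      # drop the quotes dig prints
            sub(/;.*/, "", v)     # drop parameters such as "; validationmethods=..."
            if (tolower(v) == ca) ok = 1
        }
        END { exit (seen && !ok) ? 1 : 0 }'
}

# port_listening PORT : stdin is the output of `ss -Hltn` (no header, TCP listeners).
# Succeeds when some socket is bound to PORT on any address.
port_listening() {
    awk -v p="$1" '
        { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit found ? 0 : 1 }'
}

# preflight CAA_OUTPUT SS_OUTPUT : returns the number of failed checks.
preflight() {
    fails=0
    if ! printf '%s\n' "$1" | caa_allows letsencrypt.org; then
        echo "CAA records do not authorise letsencrypt.org" >&2
        fails=$((fails + 1))
    fi
    if printf '%s\n' "$2" | port_listening 80; then
        echo "port 80 is in use; certbot --standalone cannot bind it" >&2
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Live use on the mail server: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(dig +short type257 "$(hostname -d)")" "$(ss -Hltn)"
fi
```

CAA is evaluated by walking up from the certificate name, so an empty result for `$(hostname -d)` only shows that this one level sets no policy.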