If you’re using Debian 7 a.k.a wheezy which is end of life at this moment and you were using Let’s Encrypt was your SSL, then you might need some backward compatibility to continue. A possible work around for me as below:
chmod +x ./certbot-auto
For renewing an existing certificate you can use the following command instead:
Let’s Encrypt must be installed on one Linux machine to obtain the proper SSL Certificate, CA Intermediate, and Private Key. It is not required that it be on the same Zimbra Server, but it could save time and help to obtain the renewals, etc.
First Step is to stop the jetty or nginx service at Zimbra level
Second step is to Install git on the Server (apt-get install git/yum install git), and then do a git clone of the project on the folder we wantNote: On RedHat/CentOS 6 you will need to enable the EPEL repository before install.
git clone https://github.com/letsencrypt/letsencrypt
Let’s now run Let’s Encrypt in auto mode and use the certonly option, because for now the project can’t automatically install the cert on Zimbra servers.
root@zimbra86:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone
If you need to have multiple hostnames on the same SSL, so a Multi-SAN, SSL, please run instead, where -d are your domains:
root@zimbra86:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone -d xmpp.example.com -d conference.example.com
Continue reading “Installing Let’s Encrypt on a Zimbra Server” »
In order to install Certbot on your server, follow the next steps: (make sure you have “git” installed on your system)
$sudo apt-get install git (if not previously installed)
$sudo git clone https://github.com/certbot/certbot
Running the above commands will download the Certbot latest release from their git repo in the /opt folder. Then we need to stop any service that might be using port 80 on our server, since the installation type we will be performing on this tutorial is the “standalone” type described on the Cerbot documentation, there are other ways to install the certificates, it is up to your preference.
Since this tutorial is about Pound, we are assuming the daemon is already installed so we need to stop it:
$sudo service pound stop
once the service is stopped, run:
$sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly
by default, running the command above will generate the necessary key files (*.pem) in the following folder:
now, we need to create a private key file that Pound can understand, to do so run the following:
$sudo cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem
doing so, will concatenate the privkey.pem file and the fullchain.pem file generated by Cerbot into a single file that will be stored into your ssl certificates folder, this is very important! Continue reading “Let’s Encrypt service with Pound server” »