Zimbra Letsencrypt SSL Renew – Zimbra 8.6

Let’s Begin:
This works if you already have an expired letsencrypt ssl certificate and assuming you have already deployed SSL in you zimbra system. However, if you come up here already, and would like to know how to setup letsencrypt on your system you may read my other article here:

https://tweenpath.net/installing-encrypt-zimbra-server/ 

Log on Zimbra user then stop proxy and mail box service for renew proccess.

su zimbra
zmproxyctl stop
zmmailboxdctl stop

Then return root user and renew Letsencrypt certificate

exit

letsencrypt renew: Change directory to Zimbra Letsecnrpyt SSL folder

cd /opt/zimbra/ssl/letsencrypt/

Copy new SSL files to Zimbra Letsencrypt folder then change owner to Zimbra.

At this point change {YourSSLDomain} to your domain which is we are working on.

cp /etc/letsencrypt/live/{YourSSLDomain}/* .
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*

Add X3 root certificate to our chain.pem

nano /opt/zimbra/ssl/letsencrypt/chain.pem
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

Now let’s check our certificates are verified via Zimbra certificate manager

/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem

If you see done or OK message in your console, first make a backup of course and update the commercial.key…

cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

Soooo, we are ready to deploy new certificates, run deploycrt command via zmcertmgr.

/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem

at last, here is a happy restart.

su zimbra
zmcontrol restart

Src:

https://gist.github.com/ugurerkan/6e9e3addf9a574ad0c57039164570e6f

Share

1 thought on “Zimbra Letsencrypt SSL Renew – Zimbra 8.6”

  1. Thank you very much for such a good tutorial. I am new at zimbra. Please can you explain how can I get new SSL file during renewal process? Suddenly I am a monitor of a live zimbra server and now it’s SSL certificate is expire. I have found that expired certificate was let’s encrypt. your tutorial is very helpful but I don’t understand how to get new file for renewal. Please help me.

    Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.