How to install / renew zimbra letsencrypt certificate after 30 sep 2021


Unfortunately the previous solution stopped working after September 30, as the Letsencrypt root certificate expired.

After midnight, another decision was born.

  1. Remove certbot-auto and any Certbot OS packagesIf you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbot, sudo dnf remove certbot, or sudo yum remove certbot.If you previously used Certbot through the certbot-auto script, you should also remove its installation by following the instructions here.
  2. Install Certbot
$ sudo snap install --classic certbot


Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.

$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Stop zimbra services

su zimbra
zmproxyctl stop
zmmailboxdctl stop

Obtain / renew certificate

certbot certonly --preferred-chain 'ISRG Root X1'

Use standalone mode. Output like this

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)

To save time, I decided to use the certbot-zimbra script.

git clone
cd certbot-zimbra

Deploy new / renewed certificate to Zimbra

./ -d

The certificates were installed successfully. You do not need to start zimbra services. certbot-zimbra it will be done automatically. That’s all..

Similar Posts:


How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 7

No votes so far! Be the first to rate this post.

2 thoughts on “How to install / renew zimbra letsencrypt certificate after 30 sep 2021”

  1. Thank you so much. I was pulling my hair out trying to figure out how to create the zimbra chain pem file manually only to have ldap keep failing on me.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top