Unfortunately the previous solution stopped working after September 30, as the Letsencrypt root certificate expired.
After midnight, another decision was born.
- Remove certbot-auto and any Certbot OS packagesIf you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. The exact command to do this depends on your OS, but common examples are sudo apt-get remove certbot, sudo dnf remove certbot, or sudo yum remove certbot.If you previously used Certbot through the certbot-auto script, you should also remove its installation by following the instructions here.
- Install Certbot
$ sudo snap install --classic certbot
Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Stop zimbra services
su zimbra zmproxyctl stop zmmailboxdctl stop
Obtain / renew certificate
certbot certonly --preferred-chain 'ISRG Root X1'
Use standalone mode. Output like this
Saving debug log to /var/log/letsencrypt/letsencrypt.log How would you like to authenticate with the ACME CA? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: Spin up a temporary webserver (standalone)
To save time, I decided to use the certbot-zimbra script.
git clone https://github.com/YetOpen/certbot-zimbra cd certbot-zimbra
Deploy new / renewed certificate to Zimbra
The certificates were installed successfully. You do not need to start zimbra services. certbot-zimbra it will be done automatically. That’s all..
- Zimbra reports “ Error: Queue report unavailable – mail system is down ”
- how to check zimbra version
- How to get Let’s Encrypt wildcard certificate using acme.sh
- How to block SASL login attacks in zimbra using csf
- how to export zimbra data cheat sheet