Renew letsencrypt of Zimbra server

Friday, February 12, 2021

Renew letsencrypt of Zimbra server

$ letsencrypt renew

Change directory to Zimbra Letsecnrpyt SSL folder

# cd /opt/zimbra/ssl/letsencrypt/

Copy new SSL files to Zimbra Letsencrypt folder then change owner to Zimbra.

# cp /etc/letsencrypt/live/yourdomain.com/* .
# chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*

Add X3 root certificate to our chain.pem as described in here https://letsencrypt.org/certs/trustid-x3-root.pem.txt at the bottom of chain.pem

# vim /opt/zimbra/ssl/letsencrypt/chain.pem
-----BEGIN CERTIFICATE-----
 OUR CHAIN PART
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
 MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
 DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
 PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
 Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
 AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
 rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
 OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
 xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
 aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
 HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
 SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
 AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
 R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
 Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
 -----END CERTIFICATE-----

Now let’s check our certificates are verified via Zimbra certificate manager

# su zimbra
$ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem

If you see done message in your console, first make a backup of course…

# cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")

Before deploying the SSL Certificate, you need to move the privkey.pem under the Zimbra SSL commercial path, like this:

# cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

We are ready to deploy new certificates, run deploycrt command via zmcertmgr.

# su zimbra
$ /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem

At last, restart.

# su zimbra
$ zmcontrol restart

Src::https://medium.com/@pkhadka56/renew-letsencrypt-of-zimbra-server-9cd0c175f2e8

Posted by adminz at 08:45:57 in ລີນຸກ, ຊອບແວ, ອີເມວ
1028 views Add a comment

IF(A73X) {TRUE;}

Friday, February 12, 2021