There’s an extensive guide on Zimbra’s Wiki on how to (manually) set up a Letsencrypt certificate in Zimbra Collaboration Server.
But would you like to simply type:
and deploy the certificate?
The script I developed takes a different approach from the previous ones: it patches Zimbra’s nginx so that requests for the /.well-known webserver location bypass Zimbra and reach the certbot executable.
certbot, the letsencrypt automated script. Version >=0.7.0 is highly recommended, mainly because of the ability to execute a command when the certificate is renewed.
The zimbra-proxy package must be installed (this shouldn’t be a big issue, since it has been a compulsory requirement since 8.6).
To obtain Certbot I’d suggest using the EFF way:
wget https://dl.eff.org/certbot-auto -P /usr/local/bin
chmod a+x /usr/local/bin/certbot-auto
The certbot-zimbra can be cloned from GitHub:
cd /usr/local/src
git clone https://github.com/YetOpen/certbot-zimbra.git
cd certbot-zimbra
At this point to obtain and install the letsencrypt certificate in Zimbra just run (as root):
The script will:
- patch nginx;
- request the certificate (for the host defined by zmhostname);
- verify the certificate;
- install the letsencrypt certificate in Zimbra;
- restart Zimbra.
Now what about renewal? In your favorite cron place add the following line:
55 4 * * * root /usr/bin/certbot renew --post-hook "/usr/local/src/certbot-zimbra/certbot_zimbra.sh -r -d $(zmhostname)"
Certbot will check daily whether a renewal is needed, and when the certificate is renewed the script is called to deploy the new cert in Zimbra (and Zimbra is restarted).
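A renewal can succeed while the deployment step fails, leaving Zimbra serving the old certificate. The check below is an added example, not part of certbot-zimbra: it compares the certificate certbot holds with the one the proxy actually presents. It assumes certbot's default live directory (/etc/letsencrypt/live/<host>/cert.pem), the HTTPS proxy on port 443, and openssl being installed; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from certbot-zimbra): verify that the served certificate
# is the one certbot last issued and that it is not about to expire.

# Print the SHA-256 fingerprint of the PEM certificate in file $1.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Succeed only if files $1 and $2 hold the same, readable certificate.
same_cert() {
    a=$(cert_fingerprint "$1")
    b=$(cert_fingerprint "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed if the certificate in $1 stays valid for at least $2 more days.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Save the leaf certificate presented by host $1 on port $2 into file $3.
fetch_served_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM > "$3" 2>/dev/null
}

# Full check for one host; prints a verdict and returns non-zero on a problem.
check_deployment() {
    host=$1; port=${2:-443}                      # assumed default port
    issued="/etc/letsencrypt/live/$host/cert.pem" # assumed certbot default path
    served=$(mktemp) || return 2
    fetch_served_cert "$host" "$port" "$served"
    if ! same_cert "$issued" "$served"; then
        echo "MISMATCH: $host is not serving the certificate certbot issued"; rc=1
    elif ! valid_for_days "$served" 14; then
        echo "EXPIRING: certificate for $host has under 14 days left"; rc=1
    else
        echo "OK: $host serves the current certificate"; rc=0
    fi
    rm -f "$served"
    return $rc
}

# Run the check only when a hostname is given, e.g. ./check.sh "$(zmhostname)"
if [ $# -ge 1 ]; then check_deployment "$@"; fi
```

Run it from cron some time after the renewal job and alert on a non-zero exit status.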
The script is published on GitHub. Suggestions, feedback and pull requests are welcome at: https://github.com/yetopen/certbot-zimbra