Scribd
Upload
109 views

Renew Letsencrypt of Zimbra Server

This document provides instructions for renewing an SSL certificate issued by Let's Encrypt for a Zimbra server. The steps include: 1) Running 'letsencrypt renew' to get new certificates from Let's Encrypt 2) Copying the new files to the Zimbra SSL folder and changing ownership to Zimbra 3) Adding an additional root certificate to the certificate chain 4) Verifying the certificates and deploying the new SSL configuration by restarting Zimbra services.

Uploaded by

DIDJAY VIJAY
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
109 views

Renew Letsencrypt of Zimbra Server

This document provides instructions for renewing an SSL certificate issued by Let's Encrypt for a Zimbra server. The steps include: 1) Running 'letsencrypt renew' to get new certificates from Let's Encrypt 2) Copying the new files to the Zimbra SSL folder and changing ownership to Zimbra 3) Adding an additional root certificate to the certificate chain 4) Verifying the certificates and deploying the new SSL configuration by restarting Zimbra services.

Uploaded by

DIDJAY VIJAY
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

Renew letsencrypt of Zimbra server

Posted on May 9, 2018 by adminx


After installing Letsencrypt SSL according
to https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_C
ertificate article you need to renew certificate later. To renew
certificate you can do following:
Login to server as root

$ letsencrypt renew

Change directory to Zimbra Letsecnrpyt SSL folder

# cd /opt/zimbra/ssl/letsencrypt/

Copy new SSL files to Zimbra Letsencrypt folder then change owner
to Zimbra.

# cp /etc/letsencrypt/live/yourdomain.com/* .

# chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*

Add X3 root certificate to our chain.pem as described in here at the


bottom of chain.pem
# vim /opt/zimbra/ssl/letsencrypt/chain.pem

-----BEGIN CERTIFICATE-----

OUR CHAIN PART

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT

DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow

PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD

Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB

AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O

rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq

OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b

xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw

7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD

aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV

HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG

SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69

ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr

AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz

R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5

JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo

Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ

-----END CERTIFICATE-----

Now let’s check our certificates are verified via Zimbra certificate
manager

# su zimbra
$ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem

If you see done message in your console, first make a backup of


course…

# cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")

Before deploying the SSL Certificate, you need to move the


privkey.pem under the Zimbra SSL commercial path, like this:

# cp /opt/zimbra/ssl/letsencrypt/privkey.pem
/opt/zimbra/ssl/zimbra/commercial/commercial.key

We are ready to deploy new certificates, run deploycrt command via


zmcertmgr.

# su zimbra

$ /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem

At last, restart.

# su zimbra

$ zmcontrol restart

Hopefully you now have renewed letsencrypt SSL of your Zimbra


server. You can check your SSL here.

You might also like