How to Secure Zimbra Mail Server with Let’s Encrypt SSL Certificate

Below steps have been tested on Centos 7 with Zimbra collaboration 8.8.12 release, but can also work on other versions of Zimbra.
This config also utilizes a script written by Jacob and published at https://github.com/YetOpen/certbot-zimbra.

STEPS

1. Switch to user zimbra and stop the services
$ zmcontrol stop

2. Switch to user root and run the following commands. Can also be run with sudo by a privileged user.
# mv /etc/letsencrypt /etc/letsencryptBKP
# mv /opt/zimbra/ssl/letsencrypt /opt/zimbra/ssl/letsencryptBKP
# rm -f /opt/zimbra/ssl/zimbra/commercial/commercial.key

NOTE: If you are doing a new setup, or depending on your previous setup, you may or may not have the above letsencrypt files. Therefore you can safely ignore the errors you might get while running the above commands.
# certbot certonly --preferred-chain 'ISRG Root X1'
# cd /tmp
# git clone https://github.com/YetOpen/certbot-zimbra
# cd certbot-zimbra
# ./certbot_zimbra.sh -d

NOTE: If at the tail end, after running the above script, you see some error like “An error seems to have occurred. Please read the output above for clues and try to rectify the situation.” It might be a bogus error, but it could be nice if you do the next step to confirm that indeed Zimbra can start up well and the ssl certificate is activated. Otherwise you will need to investigate further.

3. Switch to user zimbra and start the services
$ zmcontrol start

Kindly comment below if it works for you.

0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

©2023 ZMATECH: Innovative solutions for your IT challenges.

CONTACT US

We're not around right now. But you can send us an email and we'll get back to you, asap.

Sending

Log in with your credentials

Forgot your details?