How to Secure Zimbra Mail Server with Let’s Encrypt SSL Certificate
The steps below were tested on CentOS 7 with the Zimbra Collaboration 8.8.12 release, but they can also work on other versions of Zimbra.
This config also utilizes a script written by Jacob and published at https://github.com/YetOpen/certbot-zimbra.
STEPS
1. Switch to user zimbra and stop the services
$ zmcontrol stop
2. Switch to user root and run the following commands. They can also be run with sudo by a privileged user.
# mv /etc/letsencrypt /etc/letsencryptBKP
# mv /opt/zimbra/ssl/letsencrypt /opt/zimbra/ssl/letsencryptBKP
# rm -f /opt/zimbra/ssl/zimbra/commercial/commercial.key
NOTE: If you are doing a new setup, or depending on your previous setup, you may or may not have the above letsencrypt files. Therefore you can safely ignore the errors you might get while running the above commands.
# certbot certonly --preferred-chain 'ISRG Root X1'
# cd /tmp
# git clone https://github.com/YetOpen/certbot-zimbra
# cd certbot-zimbra
# ./certbot_zimbra.sh -d
NOTE: If, at the tail end of the script's output, you see an error like “An error seems to have occurred. Please read the output above for clues and try to rectify the situation.”, it might be a bogus error. Do the next step anyway to confirm that Zimbra starts up well and that the SSL certificate is activated; otherwise you will need to investigate further.
3. Switch to user zimbra and start the services
$ zmcontrol start
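One way to confirm that the certificate is activated after step 3, as an added example that is not part of the original post or of certbot-zimbra: it checks that the key and certificate match, that the certificate is not close to expiry, and that the server presents the deployed certificate. The commercial.crt path, the 30-day threshold, port 443, the hostname mail.example.test and the function names are assumptions.

```bash
#!/bin/bash
# Added example (not from the post or certbot-zimbra): post-deployment checks.
# Assumption: commercial.crt sits beside the commercial.key named in step 2.
KEY=${KEY:-/opt/zimbra/ssl/zimbra/commercial/commercial.key}
CRT=${CRT:-/opt/zimbra/ssl/zimbra/commercial/commercial.crt}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {    # usage: key_matches_cert KEY CERT
    local from_key from_crt
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_crt" ]
}

# Succeeds if the certificate will still be valid DAYS days from now.
cert_valid_for_days() { # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# SHA-256 fingerprint of the first PEM certificate in FILE (or on stdin).
fingerprint() {         # usage: fingerprint [FILE]
    cat "${1:--}" | openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Fingerprint of the certificate the running server actually presents.
served_fingerprint() {  # usage: served_fingerprint HOST [PORT]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null \
        | fingerprint
}

# Runs all checks against the deployed files and the live listener.
verify_deployment() {   # usage: verify_deployment HOST
    local fp
    key_matches_cert "$KEY" "$CRT" || { echo "FAIL: key does not match certificate"; return 1; }
    cert_valid_for_days "$CRT" 30 || { echo "FAIL: certificate expires within 30 days"; return 1; }
    fp=$(fingerprint "$CRT")
    [ -n "$fp" ] && [ "$fp" = "$(served_fingerprint "$1")" ] \
        || { echo "FAIL: server is not presenting the deployed certificate"; return 1; }
    echo "OK: $1 presents the deployed certificate"; openssl x509 -in "$CRT" -noout -issuer -enddate
}

# Runs only when a hostname is given, e.g. ./verify.sh mail.example.test (placeholder name).
if [ -n "${1:-}" ]; then verify_deployment "$1"; fi
```

Run it as root or as the zimbra user so the private key is readable; the issuer line printed on success should name Let's Encrypt.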
Kindly comment below if it works for you.