$type=ticker$count=12$cols=4$cate=0

Zimbra Letsencrypt SSL Renew Using ACME October 08, 2021

0 0 Friday, October 8, 2021 Edit this post

Based This statement  Update September 30, 2021  As planned, the DST Root CA X3 cross-sign has expired, and we’re now using our own ISRG Roo...


Based This statement 

Update September 30, 2021 As planned, the DST Root CA X3 cross-sign has expired, and we’re now using our own ISRG Root X1 for trust on almost all devices. For more details about the plan, keep reading! We have also updated our Production Chain Changes thread on our community forum - our team and community are here and ready to help  with any questions you may have about this expiration.

https://letsencrypt.org/id/docs/dst-root-ca-x3-expiration-september-2021/

So we need new methode to make zimbra ssl alive

and we found it.

Install ACME

Log in as root and run the following command to renew.
git clone https://github.com/acmesh-official/acme.sh.git
cd ./acme.sh
./acme.sh --install -m my@example.com
change the default ca:
nano acme.sh

DEFAULT_CA=$CA_LETSENCRYPT_V2
#DEFAULT_CA=$CA_ZEROSSL

Just issue a cert

./acme.sh --issue --standalone -d example.com

(Append ISRG Root X1 to fullchain)

cd ~/.acme.sh/mail.example.com 
echo '-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----' >> fullchain.cer

Copy the important thing to /tmp

% cp mail.example.com.key mail.example.com.cer fullchain.cer /tmp
Verify your certificate

% su - zimbra
% cd /tmp
% /opt/zimbra/bin/zmcertmgr verifycrt comm mail.example.com.key mail.example.com.cer fullchain.cer

Deploy New certificate

% cp mail.example.key /opt/zimbra/ssl/zimbra/commercial/commercial.key
% /opt/zimbra/bin/zmcertmgr deploycrt comm mail.example.com.cer fullchain.cer

Finally restart Zimbra

su zimbra
zmcontrol restart
Source : 1 . https://wiki.zimbra.com/wiki/JDunphy-Letsencrypt#Letsencrypt_-_Another_Method_Using_acme.sh_to_Generate_Certs 
3. https://github.com/JimDunphy/deploy-zimbra-letsencrypt.sh/tree/master/Recipies/SingleServer
4. https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate

Labels:

SHARE:

Twitter Facebook Google Pinterest

COMMENTS

BLOGGER
DISQUS
Name

BIND,1,Bird,1,Bird Routing Daemon,1,FreeBSD,1,Linux,2,Mail,4,UNIX-like,1,Wireless,1,ZImbra,4,
ltr
item
Linux and FreeBSD Diary: Zimbra Letsencrypt SSL Renew Using ACME October 08, 2021
Zimbra Letsencrypt SSL Renew Using ACME October 08, 2021
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghzJOhguU5xcp1Xl5i-3qYVHrTIz8eeli_pnZ_jus76-G-oAgsxfTFlurmrLvW2zzrU006nneH8IBA0C5mXSQTmKLWKppMMb4nUAe7YqEeg95Ck4ihKeCFxrDrNcR92b04q8f4Yvqi_gSVv6BDwzNag7JWKvtWvv9eRomSjI5PQwXwN85ebCa7hmmJ/s1600/zimbra.png
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghzJOhguU5xcp1Xl5i-3qYVHrTIz8eeli_pnZ_jus76-G-oAgsxfTFlurmrLvW2zzrU006nneH8IBA0C5mXSQTmKLWKppMMb4nUAe7YqEeg95Ck4ihKeCFxrDrNcR92b04q8f4Yvqi_gSVv6BDwzNag7JWKvtWvv9eRomSjI5PQwXwN85ebCa7hmmJ/s72-c/zimbra.png
Linux and FreeBSD Diary
http://dudi.channel-11.net/2021/10/zimbra-letsencrypt-ssl-renew-using-acme.html
http://dudi.channel-11.net/
http://dudi.channel-11.net/
http://dudi.channel-11.net/2021/10/zimbra-letsencrypt-ssl-renew-using-acme.html
true
1562377050106029204
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share to a social network STEP 2: Click the link on your social network Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy Table of Content