certbot-zimbra

Automated letsencrypt/certbot certificate deploy script for Zimbra hosts.

The script modifies Zimbra's nginx configuration so that the .well-known location is served from local files instead of being redirected upstream to jsp. It therefore cannot be used if the zimbra-nginx package is not installed.

Let's Encrypt by default tries to verify a domain using https, so the script should work fine if zimbraReverseProxyMailModes is set to both or https. It may not work in http-only mode.

This is still a BETA script. Tested on:

  • 8.8.8_UBUNTU16
  • 8.7.11_RHEL7
  • 8.6_RHEL7
  • 8.6_UBUNTU12

Requirements

  • zimbra-proxy package is required (for !https mode)
  • either the certbot or the letsencrypt binary is required

Certbot installation

The preferred way to install it is by using the wizard at certbot's home. Choose "None of the above" as the software, then select your operating system. This will allow you to install easily upgradable system packages.

When Certbot is installed from packages, it automatically creates a cron schedule to renew certificates. We must disable this schedule, because after each renewal the certificate must be deployed in Zimbra. Open /etc/cron.d/certbot with your favourite editor and comment out the last line.
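One way to script the cron change described above so that it is safe to repeat, as an added example that is not part of the original post or of the certbot-zimbra project. The function names and the sample cron content are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not certbot-zimbra code. Function names are hypothetical.

# Constructed sample resembling a packaged /etc/cron.d/certbot (contents assumed).
sample_cron() {
    cat <<'EOF'
# /etc/cron.d/certbot: crontab entries for the certbot package
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot && certbot -q renew
EOF
}

# Comment out the last non-blank line of FILE unless it is already a comment.
# Returns 0 if the file was changed, 1 if already disabled, 2 on error.
# No backup copy is written next to FILE: a stray copy inside /etc/cron.d
# may itself be picked up by cron.
disable_last_cron_line() {
    file=$1
    [ -f "$file" ] || return 2
    # Number of the last non-blank line (0 if the file has none).
    n=$(awk 'NF { last = NR } END { print last + 0 }' "$file") || return 2
    [ "$n" -gt 0 ] || return 2
    # Idempotence: leave the file alone if that line is already commented.
    if sed -n "${n}p" "$file" | grep -q '^[[:space:]]*#'; then
        return 1
    fi
    tmp=$(mktemp) || return 2
    # Rewrite through a temp file, then write in place so that the cron
    # file keeps its owner and mode.
    if awk -v n="$n" 'NR == n { print "#" $0; next } { print }' "$file" > "$tmp" &&
        cat "$tmp" > "$file"; then
        rc=0
    else
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: sh disable-certbot-cron.sh /etc/cron.d/certbot
if [ $# -gt 0 ]; then
    disable_last_cron_line "$1"
fi
```
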

For more, see the project page on GitHub:
https://github.com/YetOpen/certbot-zimbra
