Comments on: Install Let’s Encrypt ssl certificate in Zimbra automated https://devopslite.com/install-lets-encrypt-ssl-certificate-in-zimbra-automated/ DevOps Howtos, Tutorials & Guides Sun, 07 Apr 2024 09:51:31 +0000 hourly 1 By: Andrej Pirman https://devopslite.com/install-lets-encrypt-ssl-certificate-in-zimbra-automated/#comment-80 Sun, 22 Sep 2019 15:42:07 +0000 https://devopslite.com/?p=365#comment-80 Thank you, excellent tutorial…but you missed something crucial: Most of Zimbra installations will only listen on 443 port and NOT on 80, but certbot needs port 80 to issue the cert. So you need to temporarily allow port 80 on BOTH, zimbra server itself AND on firewall.
For Zimbra to switch from curent MODE to 443/80 MODE, you first need to check what mode your ZCS server is in right now:
Run as “zimbra” user:
zmprov getServer YOUR.SERVER.NAME zimbraReverseProxyMailMode
Make a note, whether it is “redirect” or some other mode to set it up later into the same mode.
then swithch to BOTH mode:
zmprov ms YOUR.SERVEr.NAME zimbraReverseProxyMailMode both
Now you can run the above mentioned certbot_zimbra.sh to renew/install LE SSL.

After script finishes, return to original mode, again as “zimbra” user, for example to return to “redirect” mode:
zmprov ms YOUR.SERVER.NAME zimbraReverseProxyMailMode redirect
And that’s it.

]]>