[SOLVED] Zimbra 8.7 and letsencrypt ssl
Hi everyone!
From Zimbra 8.6 and older, the Let's Encrypt SSL installation is simple and normal, but in the new Zimbra 8.7, the zmcertmgr utility always reports this:
zmcertmgr: ERROR: no longer runs as root!
when I verify or deploy. Please check it!!
Thanks everyone!
- DualBoot
- Elite member
- Posts: 1326
- Joined: Mon Apr 18, 2016 8:18 pm
- Location: France - Earth
- ZCS/ZD Version: ZCS FLOSS - 8.8.15 Multi servers
Re: Zimbra 8.7 and letsencrypt ssl
Just read the message; changing to the zimbra user should do the trick.
The Guy - DualBoot
PostMaster - WikiMaster - SysAdmin
"Free Your Mind. Think Open Source"
april.org
Zetalliance Member - zetalliance.org
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Re: Zimbra 8.7 and letsencrypt ssl
Wiki updated
Best regards
Re: [SOLVED] Zimbra 8.7 and letsencrypt ssl
Hi jorgedlcruz and DualBoot !
Thanks guys, I will check and confirm
Re: [SOLVED] Zimbra 8.7 and letsencrypt ssl
The case is solved! Deployed and confirmed!! Thanks all!
-
- Posts: 31
- Joined: Sat Jul 16, 2016 3:09 pm
- ZCS/ZD Version: Release 8.8.9_GA_2055.RHEL7_64_2018
Re: [SOLVED] Zimbra 8.7 and letsencrypt ssl
Hello
Does this also work with a multi-domain solution?
*.domain.com
Mz
Version Used.
Release 10.0.7.GA.4518.RHEL8_64.20230301065514 NETWORK edition.
rspamd integrated antispam
Re: [SOLVED] Zimbra 8.7 and letsencrypt ssl
If those certificates expire after 90 days, how would you automate the renewal? It is not of much use if you would need to renew by hand every few months.
Sent from my SM-N910F using Tapatalk
- jorgedlcruz
- Zimbra Alumni
- Posts: 2782
- Joined: Thu May 22, 2014 4:47 pm
Re: [SOLVED] Zimbra 8.7 and letsencrypt ssl
Hello MisterM74,
You have two ways to go from here:
- Follow the Wiki steps, but then run this command to have Multi-SAN, not Wildcard, as Let's Encrypt doesn't work with Wildcard -
Code:
./letsencrypt-auto certonly --standalone -d fqdn1 -d fqdn2
- Run the command for all the domains you need, for example mail.domain.com mail2.domain.net client3.domain.org
And then use the new SSL SNI to assign each certificate to the proper domain - https://wiki.zimbra.com/wiki/Multiple_S ... _for_HTTPS
Code:
./letsencrypt-auto certonly --standalone -d mail.domain.com
./letsencrypt-auto certonly --standalone -d mail2.domain.net
./letsencrypt-auto certonly --standalone -d client3.domain.org
Start another thread if you want more information; this topic, for one domain, is solved.
-
- Posts: 31
- Joined: Sat Jul 16, 2016 3:09 pm
- ZCS/ZD Version: Release 8.8.9_GA_2055.RHEL7_64_2018
Re: [SOLVED] Zimbra 8.7 and letsencrypt ssl
Hello
I understand that it is the longevity of this certificate?
Thank you for the details of the response, I have taken note.
Thank you
Mz
Version Used.
Release 10.0.7.GA.4518.RHEL8_64.20230301065514 NETWORK edition.
rspamd integrated antispam
Re: [SOLVED] Zimbra 8.7 and letsencrypt ssl
Just as a little note and warning: if you use the steps described in the Wiki and your hostname FQDN does not match the public domain name (which is pretty much always the case), after deployment of the Let's Encrypt certificates the LDAP server will fail to connect, since it somehow expects the local LDAP server to be resolvable on the public domain name. Even after fixing this by adding an entry to the hosts file, it failed to connect to the local LDAP server, hence Zimbra did not start anymore. Fortunately I had a snapshot I could revert to.
Sent from my SM-N910F using Tapatalk
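The thread discusses multi-SAN certificates and reports a failure when the server's hostname differs from the public name on the certificate. As an added example (not from the thread or the Zimbra wiki), this shell helper lists which of the names you pass are missing from a certificate's subjectAltName before it is deployed; the path and hostnames in the usage comment are placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report which hostnames a certificate
# does not cover, before it is handed to zmcertmgr for deployment.

# san_covers SAN_TEXT HOSTNAME
# SAN_TEXT is the output of: openssl x509 -noout -ext subjectAltName
# Succeeds if HOSTNAME equals a DNS entry or matches a one-label wildcard.
san_covers() {
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$host" ] || return 1
    case $host in
        *.*) wild="*.${host#*.}" ;;   # mail.domain.com -> *.domain.com
        *)   wild=$host ;;            # single label: exact match only
    esac
    printf '%s\n' "$1" | tr ',' '\n' | tr '[:upper:]' '[:lower:]' |
        sed -n 's/^[[:space:]]*dns:\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        grep -qxF -e "$host" -e "$wild"
}

# missing_names SAN_TEXT HOSTNAME...
# Prints every HOSTNAME the SAN list does not cover, one per line.
missing_names() {
    san_text=$1; shift
    for h in "$@"; do
        san_covers "$san_text" "$h" || printf '%s\n' "$h"
    done
}

# check_cert CERT_FILE HOSTNAME...
# Returns 0 if all names are covered, 1 if some are missing, 2 if the
# certificate cannot be read. Needs OpenSSL 1.1.1+ for "-ext".
check_cert() {
    cert_file=$1; shift
    san_text=$(openssl x509 -in "$cert_file" -noout -ext subjectAltName 2>/dev/null) || return 2
    missing=$(missing_names "$san_text" "$@")
    [ -z "$missing" ] && return 0
    printf 'not covered by %s:\n%s\n' "$cert_file" "$missing" >&2
    return 1
}

# Usage (placeholder path and names; include the server's own hostname):
#   check_cert /path/to/cert.pem "$(hostname -f)" mail.domain.com
```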