There have been some changes to letsencrypt (https://community.letsencrypt.org/t/2018-01-11-update-regarding-acme-tls-sni-and-shared-hosting-infrastructure/50188) that may eventually cause issues for those using other letsencrypt validation methods that use acme TLS-SNI-02 and TLS-SNI-02 verification methods. If you use the DNS or http methods then the problem doesn't exist for you. I have upgraded acme.sh to the newest version to keep up with the new acme protocol standards... Upgrading can be done by:
WARNING. You should observe the ~/.acme.sh directory permissions after upgrading if you require zimbra to have read permission of your certs for installation, i.e. you will trip this Bug 107454 during cert install otherwise. The certs will validate but will fail on the install portion, leaving you with an ldap server failure. Solution: fix permissions and rerun your zimbra cert install again.
The simplest method continues to be the DNS validation method if your DNS provider supports API access. One would add their API update key to your account.conf file in your ~/.acme.sh directory.
Example with CF, i.e. cloudflare (account.conf):
section 9 to see if your DNS provider is supported. My github also discusses this and the install script I use for zimbra.
The advantage of the DNS method is you don't have to be on the same server and do not have to take down zimbra while you get your certs sorted and verified. This allows a central repository verification and push methodology if you are so inclined. I also tend to throw an extra -d 'test.example.com' for my larger domains to facilitate testing new servers for upgrades, etc.
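A preflight check for the permission problem described in the warning above, as an added example that is not part of the original post or of acme.sh: it reports which path component would stop a given user (for instance zimbra) from reading a cert file. The function names and the paths passed in are hypothetical; it assumes Linux with GNU stat and looks only at owner/group/other mode bits.

```shell
#!/bin/sh
# Added example (not from the original post). Run as root so every path can
# be stat'ed. Judges plain owner/group/other mode bits only: no ACLs, no
# SELinux. Needs GNU stat (Linux).

# perm_bits USER PATH -> prints the rwx value (0-7) that applies to USER.
perm_bits() {
    uid=$(id -u "$1") || return 2
    gids=" $(id -G "$1") "
    st=$(stat -L -c '%u %g %a' "$2") || return 2
    set -- $st                      # $1=owner uid, $2=group gid, $3=octal mode
    mode=$((0$3))
    if [ "$1" = "$uid" ]; then
        echo $(( (mode >> 6) & 7 ))
    else
        case "$gids" in
            *" $2 "*) echo $(( (mode >> 3) & 7 )) ;;
            *)        echo $(( mode & 7 )) ;;
        esac
    fi
}

# check_cert_access USER TOP FILE
# Prints every component between FILE and TOP (inclusive) that blocks USER:
# FILE needs the read bit, each directory needs the traverse (x) bit.
# Pass / as TOP to check the whole chain. Returns 0 if nothing blocks.
check_cert_access() {
    user=$1; top=$2; p=$3; rc=0
    bits=$(perm_bits "$user" "$p") || return 2
    [ $((bits & 4)) -ne 0 ] || { echo "no read: $p"; rc=1; }
    while [ "$p" != "$top" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        p=$(dirname "$p")
        bits=$(perm_bits "$user" "$p") || return 2
        [ $((bits & 1)) -ne 0 ] || { echo "no traverse: $p"; rc=1; }
    done
    return $rc
}

# Usage (paths are placeholders for your own layout):
#   check_cert_access zimbra /path/to/.acme.sh /path/to/.acme.sh/<domain>/<file>
```

Running it before the zimbra cert install shows the blocking directory or file without having to trigger the failed install first.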