Wildcard Certificate

[Harery]

hello folks
i'm using lets encrypt wildcard certificate for my domain and multi sub-domain

i need to install that wildcard certificate to my mail zimbra 8.8 but i don't know how !?

the files i already has from lets encrypt are
cert1.pem
chain1.pem
fullchain1.pem
privkey1.pem

i appreciate your help guys

[L. Mark Stone]

These will help:

https://wiki.zimbra.com/wiki/Administra ... cate_Tools

https://wiki.zimbra.com/wiki/Installing ... ertificate

Mark

[JDunphy]

hello folks
i'm using lets encrypt wildcard certificate for my domain and multi sub-domain

i need to install that wildcard certificate to my mail zimbra 8.8 but i don't know how !?

the files i already has from lets encrypt are
cert1.pem
chain1.pem
fullchain1.pem
privkey1.pem

i appreciate your help guys

Just guessing how you created that cert and what is inside those files. Thinking this might work:

Code: Select all

cat << EOF >> fullchain1.pem
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
EOF

cp privkey1.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey1.pem cert1.pem fullchain1.pem
/opt/zimbra/bin/zmcertmgr deploycrt comm cert1.pem fullchain1.pem

Note: My usual way is using DNS validation but it could be any validation method...

Code: Select all

% su - zimbra
% wget -O -  https://get.acme.sh | sh
% cd .acme.sh

#will create certs in ~/.acme.sh - Does not install.
% ./acme.sh --issue --dns dns_cf -d example.com -d '*.example.com'

# will deploy or re-new certs if its time
% ./acme.sh --issue --deploy --deploy-hook zimbra --dns dns_cf -d example.com -d '*.example.com'

Ref:viewtopic.php?f=15&t=60781