Installing a Let's Encrypt SSL Certificate - Complete Wiki Steps

jorgedlcruz
Zimbra Alumni
Posts: 2782
Joined: Thu May 22, 2014 4:47 pm

Post by jorgedlcruz »


Hi guys,
This past 3rd of December, Let's Encrypt went into Public Beta, which means we can start testing this new way to obtain a free SSL certificate. The companies behind this technology are:

Mozilla
Akamai
Cisco
EFF
Facebook
and many others, see the rest

Here at Zimbra, I've tested it in my lab and I didn't see any issues, but I've just tested on one server, with one domain, nothing really huge. As the project mentions, this is a Beta project for now, and you must use it in staging or test servers, but at least you now have the full steps documented.

https://wiki.zimbra.com/index.php?title ... ertificate

As usual, we are looking forward to having your feedback on issues with this new SSL certificate, your thoughts and ideas, and maybe complex scenarios like Multi-Server and Multi-Domain.
Best regards
Jorge de la Cruz https://jorgedelacruz.es
Systems Engineer at Veeam Software https://www.veeam.com/
pdifeo
Posts: 30
Joined: Sat Sep 13, 2014 3:13 am

Post by pdifeo »

Based on my little experience, the right command is "./letsencrypt-auto certonly --standalone" if a web server is not available for domain validation.
emoulton
Posts: 10
Joined: Fri Sep 12, 2014 10:42 pm

Post by emoulton »

I've been using a 3rd party client for Let's Encrypt called simp_le for an Apache web server ( https://github.com/kuba/simp_le ). It's non-interactive, so it can be scripted. Depending on how you set up your scripts and permissions for automating it, you can run it as a non-root user. It does not modify the Apache configuration in any way. I'd like to see if I can get it working for Zimbra; however, it requires the document root path of the web server for the domain ownership verification token. Is there a path in the Zimbra installation directory where the token could be placed? Do any services need to be stopped/restarted before or after the token file is placed there? It expects to find the token file at the following URL: zimbra.example.com/.well-known/<tokenfile>. Any way that this could work with Zimbra?
emoulton
Posts: 10
Joined: Fri Sep 12, 2014 10:42 pm

Post by emoulton »

I forgot to mention that I'm running the open source edition of Zimbra version 8.0
gusans
Posts: 24
Joined: Thu Sep 25, 2014 9:02 am

Post by gusans »

I just followed the steps and it worked great on Zimbra open source 8.6.
Now, what if there is one domain mail.zimbra.com and additional aliases like imap.zimbra.com, smtp.zimbra.com, pop.zimbra.com?
How can I extend these steps to apply to this case?
Thanks!
kgleason
Posts: 1
Joined: Tue Jan 26, 2016 10:08 am

Post by kgleason »

Thanks for this write up. I followed the steps in the wiki article, but the cert fails validation:

# /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
** Verifying cert.pem against privkey.pem
Certificate (cert.pem) and private key (privkey.pem) match.
XXXXX ERROR: Invalid Certificate: cert.pem: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X1
error 2 at 1 depth lookup:unable to get issuer certificate


Any ideas? I get the same failure with fullchain.pem as well.
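
The verification failure quoted in the post above, reproduced as an added example that is not part of the thread or the Zimbra wiki: it shows when `openssl verify` reports "error 2 at 1 depth lookup" and when the same certificate verifies. It assumes `openssl` is installed and that the check behaves like `openssl verify -CAfile chain.pem cert.pem`; the three-level PKI, the `demo.cnf` file and all names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo PKI (throwaway keys, hypothetical names); not real Let's Encrypt material.
D=$(mktemp -d)

make_pki() {
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$D/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  # Self-signed root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$D/demo.cnf" \
    -extensions v3_ca -subj "/CN=Demo Root" \
    -keyout "$D/root.key" -out "$D/root.pem" 2>/dev/null || return 1
  # Intermediate CA signed by the root (plays the role of the issuing authority).
  openssl req -new -newkey rsa:2048 -nodes -config "$D/demo.cnf" \
    -subj "/CN=Demo Intermediate" -keyout "$D/int.key" -out "$D/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$D/int.csr" -CA "$D/root.pem" -CAkey "$D/root.key" \
    -CAcreateserial -extfile "$D/demo.cnf" -extensions v3_ca -days 2 \
    -out "$D/int.pem" 2>/dev/null || return 1
  # Server certificate signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -config "$D/demo.cnf" \
    -subj "/CN=mail.example.test" -keyout "$D/privkey.pem" -out "$D/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$D/leaf.csr" -CA "$D/int.pem" -CAkey "$D/int.key" \
    -CAcreateserial -days 2 -out "$D/cert.pem" 2>/dev/null || return 1
}

# Prints openssl's verdict for cert.pem against the CA file given as $1.
verify_with() { openssl verify -CAfile "$1" "$D/cert.pem" 2>&1; }

make_pki || { echo "openssl not usable here" >&2; exit 1; }
cp "$D/int.pem" "$D/chain.pem"                             # intermediate only
cat "$D/int.pem" "$D/root.pem" > "$D/chain_with_root.pem"  # intermediate + its issuer

echo "--- CA file with the intermediate only:"
verify_with "$D/chain.pem"
echo "--- CA file with the intermediate and the root:"
verify_with "$D/chain_with_root.pem"
```

Depth 0 is the server certificate and depth 1 is the intermediate, so error 2 at depth 1 means the CA file does not contain the certificate that issued the intermediate.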