How to Install SSL Certificate for Zimbra on CentOS

In this guide, you will learn how to set up an SSL certificate for Zimbra on an CentOS server. This script automates the process of installing and managing SSL certificates for Zimbra mail servers. It uses Certbot and certbot-zimbra for this purpose.

Step 1: Create the Script

Open a text editor on your CentOS server, and create a new file named install_zimbra_ssl.sh.

Copy and paste the following script into the file:

#!/bin/bash 
#Author: Kblinux.com
read -p "Enter Your Domain: " domain 
yum -y install certbot
# install certificate 
su - zimbra -c 'zmcontrol stop' 
certbot certonly --standalone -d $domain 
mkdir -p  /opt/zimbra/ssl/zimbra/commercial/ 
cp /etc/letsencrypt/live/$domain/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key 
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key 
wget --no-check-certificate -O /tmp/ISRG-X1.pem https://raw.githubusercontent.com/kblinuxcom/BashShell/e0cb1d62629597cc051b9b98fbe2bb42caa4cedf/Zimbra-CA
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/$domain/chain.pem 
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/$domain/cert.pem /etc/letsencrypt/live/$domain/chain.pem" 
# install certbot-zimbra 
folder=/root/certbot-zimbra-0.7.11 
if [ ! -d  $folder ] 
then 
        wget --content-disposition https://github.com/YetOpen/certbot-zimbra/archive/0.7.11.tar.gz 
        tar xzf certbot-zimbra-0.7.11.tar.gz 
        cd certbot-zimbra-0.7.11 && cp certbot_zimbra.sh /usr/local/bin/ 
        /usr/local/bin/certbot_zimbra.sh -d 
        su - zimbra -c 'zmcontrol restart' 
else 
        cd certbot-zimbra-0.7.11 && cp certbot_zimbra.sh /usr/local/bin/ 
        /usr/local/bin/certbot_zimbra.sh -d 
        su - zimbra -c 'zmcontrol restart' 
fi 
# cron install certification 
a=`grep "/usr/bin/certbot" /var/spool/cron/root` 
if [[ -z "$a" ]] 
then 
        echo "0 0 * */2 * root /usr/bin/certbot renew --pre-hook \"/usr/local/bin/certbot_zimbra.sh -p\" --deploy-hook \"/usr/local/bin/certbot_zimbra.sh -d\"" >> /var/spool/cron/root 
fi

Step 2: Permissions and Execution

Make the script executable:

chmod +x install_zimbra_ssl.sh

Run the script

sudo ./install_zimbra_ssl.sh

Step 3: Follow Script Instructions

  1. When prompted, enter your domain name (e.g., example.com).
  2. The script will install Certbot and obtain an SSL certificate for the provided domain.
  3. It will set up the necessary certificate files for Zimbra and verify the certificate.
  4. The script will then install certbot-zimbra for easier certificate management.
  5. A cron job for certificate renewal will be set up to run daily.

Remember that this script assumes you have a basic understanding of the Linux command line and Zimbra mail server setup. Always ensure you have backups and test in a controlled environment before making changes in a production setting.

Knowledge Base Linux
Knowledge Base Linux

Kblinux is an abbreviation for the phrase "Knowledge Base Linux." The website shares instructional articles related to the Linux system. I hope my small blog will reach many people who share the same passion for Linux.

Articles: 40

KbLinux

Typically replies within a day

Hello, Welcome to the site. Please click below button for chatting me through Telegram.