In this guide, you will learn how to set up an SSL certificate for Zimbra on a CentOS server. The script below automates installing and managing SSL certificates for Zimbra mail servers, using Certbot and certbot-zimbra.
Step 1: Create the Script
Open a text editor on your CentOS server, and create a new file named install_zimbra_ssl.sh.
Copy and paste the following script into the file:
#!/bin/bash
#Author: Kblinux.com
# Run as root: the script installs packages and writes under /opt/zimbra and root's crontab.
read -r -p "Enter Your Domain: " domain
# Accept only a plain hostname: the value is used in file paths and inside commands run through su.
if [[ ! "$domain" =~ ^[A-Za-z0-9.-]+$ ]]; then
    echo "Invalid domain name: $domain" >&2
    exit 1
fi
yum -y install certbot
# install certificate
# Zimbra is stopped so that certbot's standalone web server can bind its port.
su - zimbra -c 'zmcontrol stop'
certbot certonly --standalone -d "$domain"
mkdir -p /opt/zimbra/ssl/zimbra/commercial/
cp "/etc/letsencrypt/live/$domain/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
# Download the root CA certificate with TLS verification left on: this file becomes
# part of the chain Zimbra trusts, so it must come over an authenticated connection.
wget -O /tmp/ISRG-X1.pem https://raw.githubusercontent.com/kblinuxcom/BashShell/e0cb1d62629597cc051b9b98fbe2bb42caa4cedf/Zimbra-CA
cat /tmp/ISRG-X1.pem >> "/etc/letsencrypt/live/$domain/chain.pem"
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/$domain/cert.pem /etc/letsencrypt/live/$domain/chain.pem"
# install certbot-zimbra
folder=/root/certbot-zimbra-0.7.11
if [ ! -d "$folder" ]
then
    # Download and unpack in /root so that $folder exists whatever the current directory is.
    cd /root || exit 1
    wget --content-disposition https://github.com/YetOpen/certbot-zimbra/archive/0.7.11.tar.gz
    tar xzf certbot-zimbra-0.7.11.tar.gz
fi
cp "$folder/certbot_zimbra.sh" /usr/local/bin/
/usr/local/bin/certbot_zimbra.sh -d
su - zimbra -c 'zmcontrol restart'
# cron install certification
# Files under /var/spool/cron are per-user crontabs, so the entry has no user field.
# grep -s stays quiet when root has no crontab yet.
a=$(grep -s "/usr/bin/certbot" /var/spool/cron/root)
if [[ -z "$a" ]]
then
    # Run the renewal check daily at midnight.
    echo "0 0 * * * /usr/bin/certbot renew --pre-hook \"/usr/local/bin/certbot_zimbra.sh -p\" --deploy-hook \"/usr/local/bin/certbot_zimbra.sh -d\"" >> /var/spool/cron/root
fi
Step 2: Permissions and Execution
Make the script executable:
chmod +x install_zimbra_ssl.sh
Run the script:
sudo ./install_zimbra_ssl.sh
Step 3: Follow Script Instructions
- When prompted, enter your domain name (e.g., example.com).
- The script will install Certbot and obtain an SSL certificate for the provided domain.
- It will set up the necessary certificate files for Zimbra and verify the certificate.
- The script will then install certbot-zimbra for easier certificate management.
- A cron job for certificate renewal will be set up to run daily.
Remember that this script assumes you have a basic understanding of the Linux command line and Zimbra mail server setup. Always ensure you have backups and test in a controlled environment before making changes in a production setting.
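The script's `cat /tmp/ISRG-X1.pem >> .../chain.pem` step appends whatever wget saved and adds a duplicate copy on every run. The following is an added example, not part of the original script or of certbot-zimbra: two hypothetical helpers, `pem_bodies` and `append_root_once`, that append only when the downloaded file holds exactly one certificate block that is not already in the chain. The demo data is constructed placeholder text, not real certificates.

```bash
#!/bin/bash
# Added example; pem_bodies and append_root_once are hypothetical helpers,
# not part of the original script or of certbot-zimbra.

# Print the base64 body of every certificate in a PEM file, one per line,
# with whitespace removed so line wrapping does not affect comparison.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# append_root_once ROOT_PEM CHAIN_PEM
# Returns 0 if appended, 1 if already present, 2 if ROOT_PEM is rejected.
append_root_once() {
    local root=$1 chain=$2 root_body
    root_body=$(pem_bodies "$root")
    # A failed download (empty file, HTML error page, truncated PEM) yields
    # no complete block; a bundle yields several. Accept exactly one.
    if [ -z "$root_body" ] || [ "$(printf '%s\n' "$root_body" | grep -c '')" -ne 1 ]; then
        echo "refusing $root: expected exactly one certificate" >&2
        return 2
    fi
    # Already in the chain (for example from an earlier run): do nothing.
    if pem_bodies "$chain" | grep -xF -- "$root_body" >/dev/null; then
        return 1
    fi
    # Keep PEM markers on their own lines if the chain lacks a final newline.
    if [ -s "$chain" ] && [ -n "$(tail -c 1 "$chain")" ]; then
        printf '\n' >> "$chain"
    fi
    cat "$root" >> "$chain"
}

# Demo on constructed placeholder data (not real certificates).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$demo_dir/root.pem"
: > "$demo_dir/chain.pem"
for run in 1 2; do
    rc=0; append_root_once "$demo_dir/root.pem" "$demo_dir/chain.pem" || rc=$?
    echo "run $run: rc=$rc"
done
rm -rf "$demo_dir"
```

In the install script this would stand in for the `cat ... >>` line, with a return value of 2 treated as a reason to stop before `zmcertmgr verifycrt`.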