How to Install SSL Certificate for Zimbra on Ubuntu

In this guide, you will learn how to set up an SSL certificate for Zimbra on an Ubuntu server. This script automates the process of installing and managing SSL certificates for Zimbra mail servers. It uses Certbot and certbot-zimbra for this purpose.

Step 1: Create the Script

Open a text editor on your Ubuntu server, and create a new file named install_zimbra_ssl.sh.

Copy and paste the following script into the file:

#!/bin/bash
#Author: Kblinux.com

read -p "Enter Your Domain: " domain

# Install certbot
apt-get update
apt-get install certbot -y

# Stop Zimbra
su - zimbra -c 'zmcontrol stop'

# Obtain certificate
certbot certonly --standalone -d $domain

# Set up certificate files
mkdir -p /opt/zimbra/ssl/zimbra/commercial/
cp /etc/letsencrypt/live/$domain/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key

# Obtain ISRG-X1 chain
wget --no-check-certificate -O /tmp/ISRG-X1.pem https://raw.githubusercontent.com/kblinuxcom/BashShell/e0cb1d62629597cc051b9b98fbe2bb42caa4cedf/Zimbra-CA

echo > /etc/letsencrypt/live/$domain/chain.pem
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/$domain/chain.pem

# Verify certificate
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/$domain/cert.pem /etc/letsencrypt/live/$domain/chain.pem"

# Install certbot-zimbra
folder=/root/certbot-zimbra-0.7.11
if [ ! -d $folder ]; then
    wget --content-disposition https://github.com/YetOpen/certbot-zimbra/archive/0.7.11.tar.gz
    tar xzf certbot-zimbra-0.7.11.tar.gz
    cd certbot-zimbra-0.7.11 && cp certbot_zimbra.sh /usr/local/bin/
    /usr/local/bin/certbot_zimbra.sh -d
    su - zimbra -c 'zmcontrol restart'
else
    cd certbot-zimbra-0.7.11 && cp certbot_zimbra.sh /usr/local/bin/
    /usr/local/bin/certbot_zimbra.sh -d
    su - zimbra -c 'zmcontrol restart'
fi

# Set up cron job for certificate renewal
if ! crontab -l | grep -q "/usr/bin/certbot"; then
    echo "0 0 * * * root /usr/bin/certbot renew --pre-hook \"/usr/local/bin/certbot_zimbra.sh -p\" --deploy-hook \"/usr/local/bin/certbot_zimbra.sh -d\"" >> /var/spool/cron/root
fi

Step 2: Permissions and Execution

Make the script executable:

chmod +x install_zimbra_ssl.sh

Run the script

sudo ./install_zimbra_ssl.sh

Step 3: Follow Script Instructions

  1. When prompted, enter your domain name (e.g., example.com).
  2. The script will install Certbot and obtain an SSL certificate for the provided domain.
  3. It will set up the necessary certificate files for Zimbra and verify the certificate.
  4. The script will then install certbot-zimbra for easier certificate management.
  5. A cron job for certificate renewal will be set up to run daily.

Remember that this script assumes you have a basic understanding of the Linux command line and Zimbra mail server setup. Always ensure you have backups and test in a controlled environment before making changes in a production setting.

Knowledge Base Linux
Knowledge Base Linux

Kblinux is an abbreviation for the phrase "Knowledge Base Linux." The website shares instructional articles related to the Linux system. I hope my small blog will reach many people who share the same passion for Linux.

Articles: 42

KbLinux

Typically replies within a day

Hello, Welcome to the site. Please click below button for chatting me through Telegram.