In this guide, you will learn how to set up an SSL certificate for Zimbra on an Ubuntu server. This script automates the process of installing and managing SSL certificates for Zimbra mail servers. It uses Certbot and certbot-zimbra for this purpose.
Step 1: Create the Script
Open a text editor on your Ubuntu server, and create a new file named install_zimbra_ssl.sh.
Copy and paste the following script into the file:
#!/bin/bash
# Author: Kblinux.com
read -r -p "Enter Your Domain: " domain
# Install certbot
apt-get update
apt-get install certbot -y
# Stop Zimbra so certbot's standalone server can bind to port 80
su - zimbra -c 'zmcontrol stop'
# Obtain certificate; if this fails, start Zimbra again and stop here
if ! certbot certonly --standalone -d "$domain"; then
    su - zimbra -c 'zmcontrol start'
    exit 1
fi
# Set up certificate files
mkdir -p /opt/zimbra/ssl/zimbra/commercial/
cp "/etc/letsencrypt/live/$domain/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
# Obtain ISRG-X1 chain (TLS verification stays on: this file becomes part of the trust chain)
wget -O /tmp/ISRG-X1.pem https://raw.githubusercontent.com/kblinuxcom/BashShell/e0cb1d62629597cc051b9b98fbe2bb42caa4cedf/Zimbra-CA
echo > "/etc/letsencrypt/live/$domain/chain.pem"
cat /tmp/ISRG-X1.pem >> "/etc/letsencrypt/live/$domain/chain.pem"
# Verify certificate
su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/$domain/cert.pem /etc/letsencrypt/live/$domain/chain.pem"
# Install certbot-zimbra (download and unpack under /root only if it is not already there)
folder=/root/certbot-zimbra-0.7.11
if [ ! -d "$folder" ]; then
    wget --content-disposition -P /root https://github.com/YetOpen/certbot-zimbra/archive/0.7.11.tar.gz
    tar xzf /root/certbot-zimbra-0.7.11.tar.gz -C /root
fi
cp "$folder/certbot_zimbra.sh" /usr/local/bin/
/usr/local/bin/certbot_zimbra.sh -d
su - zimbra -c 'zmcontrol restart'
# Set up cron job for certificate renewal
# The entry carries a user field ("root"), so it goes in /etc/crontab rather than a per-user crontab
if ! grep -q "/usr/bin/certbot" /etc/crontab; then
    echo "0 0 * * * root /usr/bin/certbot renew --pre-hook \"/usr/local/bin/certbot_zimbra.sh -p\" --deploy-hook \"/usr/local/bin/certbot_zimbra.sh -d\"" >> /etc/crontab
fi
Step 2: Permissions and Execution
Make the script executable:
chmod +x install_zimbra_ssl.sh
Run the script:
sudo ./install_zimbra_ssl.sh
Step 3: Follow Script Instructions
- When prompted, enter your domain name (e.g., example.com).
- The script will install Certbot and obtain an SSL certificate for the provided domain.
- It will set up the necessary certificate files for Zimbra and verify the certificate.
- The script will then install certbot-zimbra for easier certificate management.
- A cron job for certificate renewal will be set up to run daily.
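The domain typed at the prompt is used, as root, in file paths under /etc/letsencrypt/live/ and inside the command string passed to su - zimbra -c, so it is worth validating before anything else runs. The function below is an added example, not part of the original script; the name normalize_domain and the sample inputs in its comments are assumptions made for illustration.

```bash
#!/bin/sh
# Added example: validate the value read at the "Enter Your Domain" prompt.
# Prints the normalized name (lowercase, no trailing dot) and returns 0,
# or prints nothing and returns 1 if the input is not a plain DNS hostname.
normalize_domain() (
    # Subshell body: LC_ALL and the helper variables do not leak to the caller.
    LC_ALL=C; export LC_ALL          # byte-wise ranges and lengths
    d=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    d=${d%.}                         # accept a fully qualified "example.com."

    # Letters, digits, hyphens and dots only. This rejects spaces, quotes,
    # ';', '/', '$' and anything else a shell or a path would interpret.
    case $d in
        ''|*[!a-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    # Require at least two labels and respect the 253-byte name limit.
    case $d in
        *.*) ;;
        *) return 1 ;;
    esac
    [ "${#d}" -le 253 ] || return 1

    # Each label: 1 to 63 bytes, no leading or trailing hyphen.
    rest=$d
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
        [ "${#label}" -le 63 ] || return 1
        case $label in
            -*|*-) return 1 ;;
        esac
    done
    printf '%s\n' "$d"
)

# How it would sit at the top of the install script (constructed usage):
#   read -r -p "Enter Your Domain: " input
#   domain=$(normalize_domain "$input") || { echo "Invalid domain" >&2; exit 1; }
```
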
Remember that this script assumes you have a basic understanding of the Linux command line and Zimbra mail server setup. Always ensure you have backups and test in a controlled environment before making changes in a production setting.