SSL certificate setup
sudo su - yum -y install git epel-release git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto certonly --standalone -d mail.agink.id
cd /etc/letsencrypt/live/mail.agink.id/
wget https://letsencrypt.org/certs/isrgrootx1.pem.txt
wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txtcd /etc/letsencrypt/live/mail.agink.id/
cat isrgrootx1.pem.txt letsencryptauthorityx3.pem.txt chain.pem > combined.pem
mkdir /opt/zimbra/ssl/letsencrypt
cp /etc/letsencrypt/live/mail.agink.id/* /opt/zimbra/ssl/letsencrypt/
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
ls -la /opt/zimbra/ssl/letsencrypt/su - zimbra
zmproxyctl stop
zmmailboxdctl stopcd /opt/zimbra/ssl/letsencrypt/
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem combined.pem
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem combined.pem
zmcontrol restartSSL certificate renewal configuration via crontab
1. Create /root/renew-certificate.sh
vi /etc/scripts/renew-certificate.sh
su - zimbra -c "zmcontrol stop"
/root/letsencrypt/letsencrypt-auto renew
cp /etc/letsencrypt/live/mail.agink.id/privkey.pem /opt/zimbra/ssl/letsencrypt/
cp /etc/letsencrypt/live/mail.agink.id/cert.pem /opt/zimbra/ssl/letsencrypt/
cp /opt/zimbra/ssl/letsencrypt/privkey.pem
/opt/zimbra/ssl/zimbra/commercial/commercial.key
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
su - zimbra -c "cd /opt/zimbra/ssl/letsencrypt/; /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem combined.pem"
su - zimbra -c "zmcontrol start"2. Make execution files
chmod +x /etc/scripts/renew-certificate.sh
3. For root user crontab (crontab -e) add:
10 5 * * 0 /etc/scripts/renew-certificate.sh