ahmed-abdelazim/zimbra-ssl.sh

## zimbra-ssl.sh
export YourSSLDomain=mail.yourdomain.com
# Renew or generate cert
certbot renew
# Copy cert
cp /etc/letsencrypt/live/$YourSSLDomain/* /opt/zimbra/ssl/letsencrypt
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*

# if first time copy the key to the right place
cp /etc/letsencrypt/live/$YourSSLDomain/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
# fix permissions
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
# Login as zimbra
su zimbra
cd /opt/zimbra/ssl/letsencrypt
# Get the right chain
wget -qO- https://letsencrypt.org/certs/lets-encrypt-r3.pem > chain.pem
wget -qO- https://letsencrypt.org/certs/isrgrootx1.pem >> chain.pem
# verify
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
# Deploy
/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem
zmcontrol restart
	export YourSSLDomain=mail.yourdomain.com
	# Renew or generate cert
	certbot renew
	# Copy cert
	cp /etc/letsencrypt/live/$YourSSLDomain/* /opt/zimbra/ssl/letsencrypt
	chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*

	# if first time copy the key to the right place
	cp /etc/letsencrypt/live/$YourSSLDomain/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
	# fix permissions
	chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
	# Login as zimbra
	su zimbra
	cd /opt/zimbra/ssl/letsencrypt
	# Get the right chain
	wget -qO- https://letsencrypt.org/certs/lets-encrypt-r3.pem > chain.pem
	wget -qO- https://letsencrypt.org/certs/isrgrootx1.pem >> chain.pem
	# verify
	/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
	# Deploy
	/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem
	zmcontrol restart