Letsencrypt certs usually consists of these files:
1. cert.pem
2. chain.pem
3. fullchain.pem
4. privkey.pem
I am not going to discuss about how you get those files from letsencrypt. This is for how to renew ssl cert for zimbra specifically version 8.8.15 GA 4717 that i am using. It may or may not work for previous or later version. YMMV
Put the folder containing the certs in /opt/zimbra. Let's say directory named letsencrypt. Make sure it owns by zimbra.
Step 1:
Download letsencrypt root cert here to the same folder as those letsencrypt certs above. The file name is isrgrootx1.pem.
Step 2:
run this: cat isrgrootx1.pem >> chain.pem
Step 3:
Verify the certs using zmcrtmgr. Run the command as user zimbra. The output as following:
zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
** Verifying 'cert.pem' against 'privkey.pem'
Certificate 'cert.pem' and private key 'privkey.pem' match.
** Verifying 'cert.pem' against 'chain.pem'
Valid certificate chain: cert.pem: OK
Step 4:
If step 3 above is ok. Deploy the certs (asa user zimbra)
zmcertmgr deploycrt comm cert.pem chain.pem
Step 5:
If step above is successful. Restart the services (as user zimbra):
zmcontrol restart
If there's no error. Your zimbra's ssl is renewed successfully.
