ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Zimbra Certbot Scripts

    Scheduled Pinned Locked Moved IT Discussion
    zimbracertbotlets encrypt
    15 Posts 4 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      dbeato @scottalanmiller
      last edited by

      @scottalanmiller said in Zimbra Certbot Scripts:

      We have it nearly automated here at this point. It's a little more work as we have a reverse proxy in front of it.

      I setup a reverse proxy in front and no issue so far. Version 8.8.11 on Zimbra.

      S 1 Reply Last reply Reply Quote 0
      • S
        scottalanmiller @dbeato
        last edited by

        @dbeato said in Zimbra Certbot Scripts:

        @scottalanmiller said in Zimbra Certbot Scripts:

        We have it nearly automated here at this point. It's a little more work as we have a reverse proxy in front of it.

        I setup a reverse proxy in front and no issue so far. Version 8.8.11 on Zimbra.

        On the same box, or on a different box?

        D 1 Reply Last reply Reply Quote 0
        • D
          dbeato @scottalanmiller
          last edited by

          @scottalanmiller said in Zimbra Certbot Scripts:

          @dbeato said in Zimbra Certbot Scripts:

          @scottalanmiller said in Zimbra Certbot Scripts:

          We have it nearly automated here at this point. It's a little more work as we have a reverse proxy in front of it.

          I setup a reverse proxy in front and no issue so far. Version 8.8.11 on Zimbra.

          On the same box, or on a different box?

          Different Box.

          1 Reply Last reply Reply Quote 0
          • S
            scottalanmiller
            last edited by

            Because the issue is, the cert gets issued to the reverse proxy server. So you need a process to grab it from there.

            D 1 Reply Last reply Reply Quote 0
            • D
              dbeato @scottalanmiller
              last edited by

              @scottalanmiller said in Zimbra Certbot Scripts:

              Because the issue is, the cert gets issued to the reverse proxy server. So you need a process to grab it from there.

              For me, the Reverse proxy handles everything, that is the Zimbra server never sees that Certificate ever.

              S E 2 Replies Last reply Reply Quote 0
              • S
                scottalanmiller @dbeato
                last edited by

                @dbeato said in Zimbra Certbot Scripts:

                @scottalanmiller said in Zimbra Certbot Scripts:

                Because the issue is, the cert gets issued to the reverse proxy server. So you need a process to grab it from there.

                For me, the Reverse proxy handles everything, that is the Zimbra server never sees that Certificate ever.

                Ah ha. That's VERY different than our process.

                1 Reply Last reply Reply Quote 0
                • E
                  EddieJennings @dbeato
                  last edited by

                  @dbeato said in Zimbra Certbot Scripts:

                  @scottalanmiller said in Zimbra Certbot Scripts:

                  Because the issue is, the cert gets issued to the reverse proxy server. So you need a process to grab it from there.

                  For me, the Reverse proxy handles everything, that is the Zimbra server never sees that Certificate ever.

                  Including IMAP and SMTP traffic?

                  D 1 Reply Last reply Reply Quote 0
                  • D
                    dbeato @EddieJennings
                    last edited by

                    @EddieJennings said in Zimbra Certbot Scripts:

                    @dbeato said in Zimbra Certbot Scripts:

                    @scottalanmiller said in Zimbra Certbot Scripts:

                    Because the issue is, the cert gets issued to the reverse proxy server. So you need a process to grab it from there.

                    For me, the Reverse proxy handles everything, that is the Zimbra server never sees that Certificate ever.

                    Including IMAP and SMTP traffic?

                    As we talked on the private chat, not IMAP and certainly not SMPT as SMPT is not over TLS.

                    S 1 Reply Last reply Reply Quote 0
                    • E
                      EddieJennings
                      last edited by EddieJennings

                      Since acquiring and renewing a certificate can be automated with Certbot, would it make sense to have the cert in two places? HTTP/HTTPS traffic passes through your ngingX VM, which receives its certificate through its own instance of Certbot. And you have a second instance of certbot that functions on the Zimbra server itself, so you have a cert for IMAP and SMTP connections.

                      Or, for you, does it not matter that IMAP and SMTP connections are unencrypted? Since beyond your own mail server, there's no guarantee that encrypted connections will exist.

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        scottalanmiller @dbeato
                        last edited by

                        @dbeato said in Zimbra Certbot Scripts:

                        @EddieJennings said in Zimbra Certbot Scripts:

                        @dbeato said in Zimbra Certbot Scripts:

                        @scottalanmiller said in Zimbra Certbot Scripts:

                        Because the issue is, the cert gets issued to the reverse proxy server. So you need a process to grab it from there.

                        For me, the Reverse proxy handles everything, that is the Zimbra server never sees that Certificate ever.

                        Including IMAP and SMTP traffic?

                        As we talked on the private chat, not IMAP and certainly not SMPT as SMPT is not over TLS.

                        We do both over TLS.

                        1 Reply Last reply Reply Quote 0
                        • S
                          scottalanmiller @EddieJennings
                          last edited by

                          @EddieJennings said in Zimbra Certbot Scripts:

                          Since acquiring and renewing a certificate can be automated with Certbot, would it make sense to have the cert in two places? HTTP/HTTPS traffic passes through your ngingX VM, which receives its certificate through its own instance of Certbot. And you have a second instance of certbot that functions on the Zimbra server itself, so you have a cert for IMAP and SMTP connections.

                          Or, for you, does it not matter that IMAP and SMTP connections are unencrypted? Since beyond your own mail server, there's no guarantee that encrypted connections will exist.

                          You could, but it would still be such a pain to automate as certbot can't renew the certs alone for Zimbra, that you might as well just use one.

                          1 Reply Last reply Reply Quote 0
                          • 1 / 1
                          • First post
                            Last post