You need to review the steps you take to modify the certs from Certbot and deploy them to Zimbra. Your server is actually using a cert you got on Jan23. Yet, you have gotten fresh certs on Mar24, May23, and Jul22 but don't use any of those.
So, focus on changes to your system between Jan23 and Mar24. You may want to ask for help on a Zimbra forum
That cat ... EOF (second EOF at the end) is a single command to put the script into the file /usr/local/sbin/letsencrypt-zimbra. This is simply basic Linux/*nix terminal stuff. If you don't understand this, maybe you shouldn't be using these kind of instructions. At least not until you understand what the commands do.
I use the commad
/etc/cron.daily/letsencrypt-zimbra
And the output is:
/etc/cron.daily/letsencrypt-zimbra: line 16: /usr/local/sbin/certbot: No such file or directory
--2024-08-22 20:10:18-- https://letsencrypt.org/certs/isrg-root-x2.pem
Resolving letsencrypt.org (letsencrypt.org)... 44.217.161.11, 44.219.53.183, 2600:1f18:2489:8201::c8, ...
Connecting to letsencrypt.org (letsencrypt.org)|44.217.161.11|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 790 [application/x-pem-file]
Saving to: ‘/tmp/ISRG-X2.pem’
/tmp/ISRG-X2.pem 100%[=========================================================>] 790 --.-KB/s in 0s
Note also this from the current Zimbra docs linked by @rg305 earlier
Support for ECDSA TLS (elliptic curve cryptography ECC) certificates has been added to Zimbra zmcertmgr from Zimbra versions 10.0.6, Joule-8.8.15-Patch-45, Kepler-9.0.0-Patch-38. Let’s Encrypt Certbot defaults to ECDSA secp256r1 (P-256) since version 2.0.0. If you are running out-of-date versions of the software or have another reason why you are required to use RSA certificates. Refer to Installing a LetsEncrypt SSL Certificate - Zimbra :: Tech Center at your own risk as we do not support/test or update documentation for out of date deployments.
