Zimbra Mail Server


Hi, How does automatic script with Zimbra ?


I will be interested also to be able to use Let’s Encrypt with a Zimbra server :).




Thank you, but

Failed authorization procedure. mx.sushi.ru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge


  • If you lose your account credentials, you can recover through
    e-mails sent to postmaster@sushi.ru.

  • The following ‘urn:acme:error:connection’ errors were reported by
    the server:

    Domains: mx.sushi.ru
    Error: The server could not connect to the client for DV

  • Your account credentials have been saved in your Let’s Encrypt
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Let’s
    Encrypt so making regular backups of this folder is ideal.


Same problem here.Did you find a solution ?


Well, in the case of @NorD the hostname mx.sushi.ru doesn’t even have an IP address associated with it. So nothing can connect to it. I’m wondering if e-mails to the domain sushi.ru even arrive?

Anyway, just stating “same problem here” isn’t getting you anywhere I’m afraid. The Let’s Encrypt ACME server has multiple challenge systems and currently it uses the http-01 and/or tls-sni-01 challenge for the “live” server. This means there has to be a HTTP or HTTPS (respectively) listening on port 80 and/or 443 on the hostname(s)/(sub)domain(s) you want a certificate for.

At the moment there’s also a DNS challenge system being developed (so no need for accessibility on port 80 and/or 443 required), but this is currently in the “staging” server only (which doesn’t generate “real” trusted certificates you can use). Also, it’s not very well documentated as far as I know and I’ve got no clue if it’s implemented in the official client at all.

If your mailserver also runs a webserver, then you possibly could use that one. Depends on how you call your mailserver. You probably don’t have a virtualhost called mx.yourdomain.tld on your webserver.

If your mailserver doesn’t come with a webserver, you could use the standalone plugin, which acts as its own temporary webserver. But ofcourse, the server should be reachable on port 80 and 443 from the internet for this to work.