Zimbra Mail Server

Hi, how does the automatic script work with Zimbra?

3 Likes

I will be interested also to be able to use Let's Encrypt with a Zimbra server :).

https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate

1 Like

Thank you, but

Failed authorization procedure. mx.sushi.ru (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client for DV :: Failed to connect to host for DVSNI challenge

IMPORTANT NOTES:

  • If you lose your account credentials, you can recover through
    e-mails sent to postmaster@sushi.ru.

  • The following 'urn:acme:error:connection' errors were reported by
    the server:

    Domains: mx.sushi.ru
    Error: The server could not connect to the client for DV

  • Your account credentials have been saved in your Let's Encrypt
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Let's
    Encrypt so making regular backups of this folder is ideal.

Same problem here. Did you find a solution?
Thanks

Well, in the case of @NorD the hostname mx.sushi.ru doesn't even have an IP address associated with it. So nothing can connect to it. I'm wondering if e-mails to the domain sushi.ru even arrive?

Anyway, just stating "same problem here" isn't getting you anywhere I'm afraid. The Let's Encrypt ACME server has multiple challenge systems and currently it uses the http-01 and/or tls-sni-01 challenge for the "live" server. This means there has to be an HTTP or HTTPS server (respectively) listening on port 80 and/or 443 on the hostname(s)/(sub)domain(s) you want a certificate for.

At the moment there's also a DNS challenge system being developed (so no need for accessibility on port 80 and/or 443 required), but this is currently in the "staging" server only (which doesn't generate "real" trusted certificates you can use). Also, it's not very well documented as far as I know and I've got no clue if it's implemented in the official client at all.

If your mailserver also runs a webserver, then you possibly could use that one. Depends on how you call your mailserver. You probably don't have a virtualhost called mx.yourdomain.tld on your webserver.

If your mailserver doesn't come with a webserver, you could use the standalone plugin, which acts as its own temporary webserver. But of course, the server should be reachable on port 80 and 443 from the internet for this to work.
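
A preflight check for the two failure modes discussed in this thread (the hostname has no address record, or nothing answers on port 80/443), added here as an example and not part of the original posts. The function names are hypothetical and the default hostname is a placeholder; run it from a machine outside your own network, because a connection made locally does not show that the validation server can reach you.

```python
import socket

# Ports needed by the challenge types named in the thread.
CHALLENGE_PORTS = {"http-01": 80, "tls-sni-01": 443}


def resolve(hostname):
    """Return the sorted IP addresses the name resolves to (empty list if none)."""
    try:
        infos = socket.getaddrinfo(hostname, None, type=socket.SOCK_STREAM)
    except OSError:  # socket.gaierror is a subclass: no record, or resolver failure
        return []
    return sorted({info[4][0] for info in infos})


def port_open(address, port, timeout=5.0):
    """True if a TCP connection to address:port completes within the timeout."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def preflight(hostname, ports=None, timeout=5.0):
    """Classify why domain validation would fail for hostname.

    Returns a dict with 'addresses', 'challenges' (name -> bool) and 'verdict',
    where verdict is 'no-dns-record', 'ports-unreachable' or 'ok'.
    """
    ports = CHALLENGE_PORTS if ports is None else ports
    addresses = resolve(hostname)
    if not addresses:
        # Nothing can connect to a name without an address record.
        return {"addresses": [], "challenges": {}, "verdict": "no-dns-record"}
    # Assumption: a challenge counts as usable if its port answers on at
    # least one resolved address.
    challenges = {
        name: any(port_open(addr, port, timeout) for addr in addresses)
        for name, port in ports.items()
    }
    verdict = "ok" if any(challenges.values()) else "ports-unreachable"
    return {"addresses": addresses, "challenges": challenges, "verdict": verdict}


if __name__ == "__main__":
    import sys
    # Placeholder default; pass the hostname you want a certificate for.
    print(preflight(sys.argv[1] if len(sys.argv) > 1 else "mail.example.invalid"))
```

A `no-dns-record` verdict has to be fixed in DNS before any client option matters; `ports-unreachable` points at a firewall, NAT rule, or missing listener.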