Let's Encrypt - Webroot
On October 9, 2024, during the second day of the CA/Browser Forum Fall Meeting, Apple revealed that it had posted a draft ballot on GitHub for comments.
This proposal calls for gradually reducing the maximum duration of public SSL/TLS certificates to 45 days by 2027.The draft also calls for gradually reducing the DCV reuse period, until it reaches 10 days in 2027.
Google and now Apple, both advocate for shorter lifetimes for digital certificates.
Zimbra, has posted an article on how to install a Let's Encrypt SSL certificate, except that it requires you to have a DNS server on your Zimbra server.
At ZCSPlus, we manage our DNS zones at our Registrar, so we had to react, and that's why we implemented a complete solution to fully use Let's Encrypt in Webroot mode, no headache typing command lines, we built a script that automates the entire activation and renewal procedure for your SSL certificates !
How does it work ?
Nothing could be simpler, you just have to type the following command:
/opt/zimbra/libexec/zcsplus-letsencryptThis command will first detect if you have installed the latest version of Certbot from Python PIP, if not, it will tell you the commands to follow to install it.
Is this step done ?
Relaunch the command, and it will continue the activation task by first patching an NGINX Template, then move on to the deployment step.
Finally, it will end up setting up a Cron file so that Cerbot is called every day, and checks if your certificates are not older than 20 days, if so, then it will automate the renewal of the certificates as well as the restart of ZCSPlus.
We will remain vigilant on future updates of the NGINX Templates, so that this cannot break the renewals of your certificates, as a precaution, we have added an option that will only execute this step of Patch, here is the command:
/opt/zimbra/libexec/zcsplus-letsencrypt "nginx-patch"