Great news! certbot-zimbra, the script to super-easily deploy Let’s encrypt free certificates on Zimbra servers, just got an update!
The big update in this release is the ability to request a certificate for multiple domains.
That is, if your Zimbra installation has mail.domain.com and mail.domain.it you can request a certificate which is valid for both hostnames, ensuring safe and trusted browser sessions for your users.
By default when a new certificate is requested it will use:
- zmhostname command;
- zimbraServicePublicHostname parameter for each configured domain;
to collect host names, and will request a certificate for all of them.
Once scan has been completed the list of found hostnames is echoed in console.
Since the script has improved a lot since the first release, and seems pretty reliable at the moment, the default flow has been changed to go straight to the certificate request and deployment.
If someone wants to confirm the scanned certs before performing the actual request the -c parameter can be passed, so that it will require a y/n confirmation before proceding.
If the detected domain list is not suitable to you, you can specify extra domains manually with -e or disable the feature with -u.
The multi domain feature has been implemented with a single certificate. This means you cannot have a single Zimbra installation with mixed Let’s encrypt and commercial certificates. This kind of installation requires SNI configuration, which will eventually be addressed in issue #8.
This kind of config has the advantage to reduce the certificate deployment time, as just Zimbra proxy (nginx) service needs to be restarted after a certificate renewal.
What are you watiing for? The release 0.4 is available on GitHub. Feedback (positive and negative) is welcome!