====Zimbra====

===Introduction===

After install letsencrypt certificate via the beautiful /opt/letsencrypt-zimbra/obtain-and-deploy-letsencrypt-cert.sh, the certificate of the admin console (accessible via port 7071) has not been updated.
The keystore is located at /opt/zimbra/mailboxd/etc/keystore

  zmcertmgr viewdeployedcrt all
  
  SubjectAltName=mail.domain.tld
  NOTE: possibly stale keystore: /opt/zimbra/mailboxd/etc/keystore
  \- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem
  notBefore=Jul 31 20:31:04 2021 GMT
  notAfter=Oct 29 20:31:02 2021 GMT
  subject=CN = mail.domain.tld
  issuer=C = US, O = Let's Encrypt, CN = R3 

  - Find the keystore password in zimbra configuration

  zmlocalconfig -s | grep mailboxd_keystore_password

  - Create a pkcs12 file with the certificate, chain and the private key (as zimbra user)

  openssl pkcs12 -export -name jetty -in /opt/zimbra/ssl/zimbra/commercial/commercial.crt -inkey /opt/zimbra/ssl/zimbra/commercial/commercial.key -out jetty.p12

  - cd to /opt/zimbra/mailboxd/etc/

  cd /opt/zimbra/mailboxd/etc/

  - Copy /tmp/tmp.Jlr8nDRlEp/0000_cert.pem (or other path created by cert geneation script) to mailboxd.pem

  cp /tmp/tmp.Jlr8nDRlEp/0000_cert.pem mailboxd.pem

  - Delete the actual certificate into keystore if not tempered or corrupt else delete the keystore file

  keytool -delete -alias jetty -keystore keystore -storepass passwd

  - Import the keystore into the keystore (haha)

  keytool -importkeystore -destkeystore keystore -srckeystore jetty.p12 -srcstoretype jks
  
  zmcontrol restart