Ok. So I got it going successfully and I just wanted to post how I did it in case others are having problems like I did with the certificates not creating properly. I have learned WAY more about acme.sh than I ever needed to and I found one really cool thing which helped me tremendously!
1. To create or issue new or broken certificates I used acme's DNS API, which can be found at https://github.com/Neilpang/acme.sh/tree/master/dnsapi (I use Linode), which is THE WAY to create certs using the --dns method if you are using one of their supported DNS providers. Acme supports many cloud/VPS providers and all you really need to do is get an API key from one of your providers on the list and enter the key in the acme.conf file. Then call the issue like so (substituting your remote DNS name) as a non-root user:
acme.sh --issue --dns dns_linode --dnssleep 900 -d mail.example.com -d mail.example.net -d tmail.example.com
That's it! It will upload the keys to your remote DNS server, wait 15 minutes and verify, and then delete the keys off of the remote DNS server, and you're done creating the certs.
2. I then added two cron jobs. The first job is step one's --issue code, which runs every night as the non_root_user. The second cron job calls Jim's deploy-zimbra-letsencrypt.sh script, which is run as the zimbra user.