Zimbra proxy configuration for Certbot Zimbra - YetOpen/certbot-zimbra GitHub Wiki

This is the suggested/required configuration of the Zimbra proxy for the certbot-zimbra script to work. A recent default installation usually works out of the box, but these instructions may be useful if you have upgraded from an older version or have manually configured the proxy.

In short, Zimbra's nginx must be listening on port 80. Other port configurations might work, but you have to deal with this advanced configuration yourself.

After making all the changes, run zmcontrol restart to make sure everything is in sync.

Set default Zimbra proxy ports for web, pop3, imap and admin

/opt/zimbra/libexec/zmproxyconfig -e -w -o -a 8080:80:8443:443 -x https -H `zmhostname`
/opt/zimbra/libexec/zmproxyconfig -e -m -o -i 7143:143:7993:993 -p 7110:110:7995:995 -H `zmhostname`
/opt/zimbra/libexec/zmproxyconfig -e -m -H `zmhostname`

Enable reverse proxy

zmprov ms `zmhostname` zimbraMailReferMode reverse-proxied

Enable memcached

zmprov ms `zmhostname` +zimbraServiceEnabled memcached

Enable redirect mode

You usually want all your webmail traffic to go via HTTPS by default. Remember that HTTP must be enabled for Let's Encrypt verification to work.

zmprov ms `zmhostname` zimbraReverseProxyMailMode redirect

Set public service ports

Not strictly required for the script, but often convenient.

zmprov md <YOUR MAIN DOMAIN> zimbraPublicServicePort 443
zmprov md <YOUR MAIN DOMAIN> zimbraPublicServiceProtocol https
zmprov mcf zimbraPublicServiceHostname `zmhostname`
zmmailboxdctl restart
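
A read-only check for the steps above, added here as an example (it is not part of certbot-zimbra or of the original wiki page): it compares `zmprov gs` output with the values set on this page. The function name, the constructed sample data and the two port attribute names (zimbraMailProxyPort and zimbraMailSSLProxyPort, the standard Zimbra attributes behind the 80 and 443 proxy ports) are assumptions not taken from the page.

```shell
#!/bin/sh
# Added example: audit `zmprov gs` output against the values this page sets.
# Live use, as the zimbra user:  zmprov gs "$(zmhostname)" | check_proxy_attrs

# Expected "attribute: value" lines. The port attribute names are assumed to
# be the ones behind the 80 and 443 proxy ports passed to zmproxyconfig -a.
EXPECTED='zimbraMailProxyPort: 80
zimbraMailSSLProxyPort: 443
zimbraMailReferMode: reverse-proxied
zimbraReverseProxyMailMode: redirect
zimbraServiceEnabled: memcached'

# Reads `zmprov gs <server>` output on stdin, prints one MISMATCH line per
# expected setting that is absent, and returns non-zero if any is absent.
check_proxy_attrs() {
    actual=$(cat)
    missing=0
    while IFS= read -r want; do
        # -x whole-line match, -F literal string: multi-valued attributes
        # such as zimbraServiceEnabled appear as one line per value.
        if ! printf '%s\n' "$actual" | grep -qxF -- "$want"; then
            attr=${want%%:*}
            have=$(printf '%s\n' "$actual" | grep -F -- "$attr: " | tr '\n' ' ')
            echo "MISMATCH want [$want] have [${have:-unset}]"
            missing=$((missing + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$missing" -eq 0 ]
}

# Constructed sample output (not captured from a real server).
SAMPLE_OK='# name mail.example.test
zimbraMailProxyPort: 80
zimbraMailSSLProxyPort: 443
zimbraMailReferMode: reverse-proxied
zimbraReverseProxyMailMode: redirect
zimbraServiceEnabled: proxy
zimbraServiceEnabled: memcached'
# Constructed failing case: proxy not on port 80, HTTP disabled, no memcached.
SAMPLE_BAD='# name mail.example.test
zimbraMailProxyPort: 8080
zimbraMailSSLProxyPort: 443
zimbraMailReferMode: reverse-proxied
zimbraReverseProxyMailMode: https
zimbraServiceEnabled: proxy'

printf '%s\n' "$SAMPLE_OK" | check_proxy_attrs && echo "sample OK: settings match"
printf '%s\n' "$SAMPLE_BAD" | check_proxy_attrs || echo "sample BAD: fix the lines above"
```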

Credits

This list was originally posted by @lovelord83 on issue 90