Posted by 
After installing and configuring Zimbra Chat in the previous article, I want to use it on desktop or mobile devices. However, the Zulip application (desktop or mobile) cannot connect to Zimbra Chat because the server uses a self-signed SSL certificate. Therefore, I need a valid certificate.
In this article, I will use a Let’s Encrypt SSL certificate.
# Generate a Let’s Encrypt SSL certificate
Please run the following command to generate Lets Encrypt certificate
certbot certonly --manual --agree-tos -m [email protected] --preferred-challenges dns --debug-challenges -d *.imanudin.web.id -d *.chat.imanudin.web.id -d imanudin.web.id
Below is an example output. Please add the TXT records below to your public DNS
- - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name: _acme-challenge.imanudin.web.id. with the following value: NG_tTQqYlJWEE7KD-OBon_n2sIq9wgHKu0Doj8DRYYM (This must be set up in addition to the previous challenges; do not remove, replace, or undo the previous challenge tasks yet. Note that you might be asked to create multiple distinct TXT records with the same name. This is permitted by DNS standards.) Before continuing, verify the TXT record has been deployed. Depending on the DNS provider, this may take some time, from a few seconds to multiple minutes. You can check if it has finished deploying with aid of online tools, such as the Google Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.imanudin.web.id. Look for one or more bolded line(s) below the line ';ANSWER'. It should show the value(s) you've just added. - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/imanudin.web.id/fullchain.pem Key is saved at: /etc/letsencrypt/live/imanudin.web.id/privkey.pem This certificate expires on 2025-07-30. These files will be updated when the certificate renews. NEXT STEPS: - This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
# Configure the settings in Zimbra Chat (Zulip)
Open file zulip-enterprise
vi /etc/nginx/sites-available/zulip-enterprise
Adjust these lines
ssl_certificate /etc/letsencrypt/live/imanudin.web.id/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/imanudin.web.id/privkey.pem;
Reload Nginx service
systemctl reload nginx
Zimbra Chat is now secured with a trusted SSL certificate
Good Luck 🙂