Since acquiring and renewing a certificate can be automated with Certbot, would it make sense to have the cert in two places? HTTP/HTTPS traffic passes through your ngingX VM, which receives its certificate through its own instance of Certbot. And you have a second instance of certbot that functions on the Zimbra server itself, so you have a cert for IMAP and SMTP connections.
Or, for you, does it not matter that IMAP and SMTP connections are unencrypted? Since beyond your own mail server, there's no guarantee that encrypted connections will exist.
You could, but it would still be such a pain to automate as certbot can't renew the certs alone for Zimbra, that you might as well just use one.
hi, thanks for sharing this guide, would like to ask, what port does ppa:certbot use? im running nginx and its already using 80 & 443. i need to find a way to renew the cert when using Cloudflare as the common way(certbot renew) will not work. thank you.
There are certbot options to use the running server (Nginx in this case.) But I agree with Jared, better to use DNS.