Get an email notification when Zimbra TLS certificates are about to expire

In many cases, IT staff automate TLS certificates so that they are renewed and deployed automatically. However, sometimes the automation fails, or a deployment uses an additional reverse proxy or web application firewall in front of Zimbra. In the latter case, renewal of the Zimbra self-signed certificate is sometimes overlooked.

Zimbra (LDAP) requires a TLS certificate that is not expired for continued operation.

In this article you will learn how to set up a notification email that is sent whenever the TLS certificates on Zimbra are about to expire.

Installation

On your Zimbra server download the check-expiration script as follows:

wget https://raw.githubusercontent.com/Zimbra-Community/zimbra-tools/master/check-expiration -O /usr/local/sbin/check-expiration
chmod +x /usr/local/sbin/check-expiration

Then install the script in the Zimbra user crontab as follows:

su - zimbra
crontab -e

Scroll to the end of the crontab and find this line:

# ZIMBRAEND -- DO NOT EDIT ANYTHING BETWEEN THIS LINE AND ZIMBRASTART

Below it, append the following entry, which runs the check at minute 40 of every hour:

40 * * * * /usr/local/sbin/check-expiration 25 admin@example.com

Replace admin@example.com with the email address or distribution list where you want to receive the notification.
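The kind of expiry check a cron job like this performs, as an added example: this is not the check-expiration script installed above, whose source is not shown on this page. It assumes GNU date and openssl, treats the threshold as a number of days, and the function names are illustrative.

```bash
#!/bin/bash
# Added illustration; NOT the check-expiration script this article installs.
# Assumptions: GNU date, openssl on PATH, threshold counted in days.

# classify "<notAfter date>" <threshold_days> [now_epoch]
# Prints "EXPIRED", "WARN <days left>" or "OK <days left>".
classify() {
    local end now secs
    end=$(date -u -d "$1" +%s) || return 2   # parse openssl's date format
    now=${3:-$(date -u +%s)}                 # injectable clock for testing
    secs=$(( end - now ))
    if [ "$secs" -le 0 ]; then
        echo "EXPIRED"
    elif [ "$secs" -le $(( $2 * 86400 )) ]; then
        echo "WARN $(( secs / 86400 ))"
    else
        echo "OK $(( secs / 86400 ))"
    fi
}

# check_cert <pem file> <threshold_days>
check_cert() {
    local not_after
    # openssl prints e.g. "notAfter=Jan 11 00:00:00 2024 GMT"
    not_after=$(openssl x509 -in "$1" -noout -enddate) || return 2
    classify "${not_after#notAfter=}" "$2"
}

# Command-line use: script <pem file> <threshold_days>
# Exit 0 = fine, 1 = expiring or expired, 2 = certificate unreadable.
if [ "$#" -eq 2 ]; then
    status=$(check_cert "$1" "$2") || { echo "cannot read $1" >&2; exit 2; }
    echo "$1: $status"
    case "$status" in OK*) exit 0 ;; *) exit 1 ;; esac
fi
```

An unreadable certificate is reported with its own exit code rather than treated as healthy, so a wrong path or permission problem does not silently suppress the alert.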

Screenshots

[Screenshot of a notification email]

2 Responses to Get an email notification when Zimbra TLS certificates are about to expire

  1. Rainer November 15, 2023 at 12:37 AM #

    Hi,

    I tried to find the project on github to log an issue there, but couldn’t find it.

    Anyway, on my mailbox-server without mailboxes, I get:

    /usr/local/sbin/check_expiration.sh: line 33: /opt/zimbra/common/sbin/sendmail: No such file or directory

    This server only serves API requests for provisioning.

    What do I need to install?

    • Barry de Graaff November 15, 2023 at 1:41 AM #

      The example script is meant to run on a Zimbra mailbox server. If you run it on a different server, you have to change the script to use an operating system provided sendmail.

      yum install sendmail

      And replace /opt/zimbra/common/sbin/sendmail with sendmail in the script.


Copyright © 2022 Zimbra, Inc. All rights reserved.
