su - zimbra zmcontrol status | grep sccfd Expected output (if enabled):
/opt/zimbra/libexec/acme-client -d yourdomain.com -v Cause: Too frequent checks or large cert chain. Fix: Increase ssl_sccfd_check_interval to 172800 (2 days). Issue 4: Certificate renewed but not deployed Fix: Manually reload proxy: zimbra sccfd
zmcontrol restart sccfd zmacmedomain list 7. Common Issues & Fixes Issue 1: sccfd not running after upgrade Fix: Re-enable Let's Encrypt integration: su - zimbra zmcontrol status | grep sccfd
su - zimbra zmprov modifyServer `zmhostname` -zimbraSSLUseLetSCrypt TRUE zmcontrol stop sccfd zmcontrol disable sccfd # on systemd: systemctl disable zimbra-sccfd To re-enable later: Common Issues & Fixes Issue 1: sccfd not
zmproxyctl reload zmmailboxdctl restart # if single-server If you manage certificates manually or via another CA:
su - zimbra zmlocalconfig | grep -i sccfd | Parameter | Default | Description | |-----------|---------|-------------| | ssl_allow_untrusted_certs | false | Allow self-signed (not recommended) | | ssl_sccfd_check_interval | 86400 | Check interval in seconds (1 day) | | ssl_sccfd_renew_threshold | 30 | Renew when days left ≤ this value | | ssl_sccfd_random_delay_max | 3600 | Random delay before check (seconds) | Modify a parameter: zmlocalconfig -e ssl_sccfd_renew_threshold=20 Then restart sccfd :