Install Let's Encrypt SSL on Zimbra 8.8.6, CentOS 7


Let's Encrypt is a free, automated, and open certificate authority that issues valid SSL certificates. It is one option for protecting a Zimbra mail server. The installation steps follow.

hostname: zimbra.saad.web.id

1. Validate and Generate SSL

Stop the Zimbra proxy and mailbox services (as the zimbra user)

zmproxyctl stop
zmmailboxdctl stop

Clone the letsencrypt folder into /opt with git. If git is not installed yet, install it with yum

yum install -y git
cd /opt
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

Run the following command to request a certificate for a single hostname

root@zimbra:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone

Run the following command to request a certificate covering multiple hostnames in a single SSL certificate

root@zimbra:~/tmp/letsencrypt# ./letsencrypt-auto certonly --standalone -d apache.example.com -d zmail.example.com

Enter your email address, which is used for notifications and key recovery

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
admin@saad.web.id

Type A at the Terms of Service prompt and press Enter

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

Enter the hostname. In this case zimbra.saad.web.id is used

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c' to cancel): 
zimbra.saad.web.id

Wait for the validation process to finish, until the following message appears

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/zimbra.saad.web.id/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/zimbra.saad.web.id/privkey.pem
   Your cert will expire on 2019-05-27. To obtain a new or tweaked
   version of this certificate in the future, simply run
   letsencrypt-auto again. To non-interactively renew *all* of your
   certificates, run "letsencrypt-auto renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The certificate files are located in /etc/letsencrypt/live/zimbra.saad.web.id/

Edit chain.pem with the command

nano /etc/letsencrypt/live/zimbra.saad.web.id/chain.pem

Append the certificate obtained from https://www.identrust.com/certificates/trustid/root-download-x3.html as the last lines of the file, then save.


2. Verify certificate

Copy all files from /etc/letsencrypt/live/zimbra.saad.web.id into /opt/zimbra/ssl/letsencrypt

root@zimbra:~# mkdir /opt/zimbra/ssl/letsencrypt
root@zimbra:~# cp /etc/letsencrypt/live/zimbra.saad.web.id/* /opt/zimbra/ssl/letsencrypt/
root@zimbra:~# chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
root@zimbra:~# ls -la /opt/zimbra/ssl/letsencrypt/
total 24
drwxr-xr-x 2 root   root   4096 Jul 15 22:59 .
drwxr-xr-x 8 zimbra zimbra 4096 Jul 15 22:59 ..
-rw-r--r-- 1 zimbra zimbra 1809 Jul 15 22:59 cert.pem
-rw-r--r-- 1 zimbra zimbra 2847 Jul 15 22:59 chain.pem
-rw-r--r-- 1 zimbra zimbra 3456 Jul 15 22:59 fullchain.pem
-rw-r--r-- 1 zimbra zimbra 1704 Jul 15 22:59 privkey.pem

Change to the folder /opt/zimbra/ssl/letsencrypt and run the following command to verify the SSL certificate (as the zimbra user)

cd /opt/zimbra/ssl/letsencrypt
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem

If the verification succeeds, output like the following appears

zimbra@zimbra:/opt/zimbra/ssl/letsencrypt/# /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem 
** Verifying cert.pem against privkey.pem
Certificate (cert.pem) and private key (privkey.pem) match.
Valid Certificate: cert.pem: OK
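
An independent pre-deploy check for the copied files, as an added example that is not part of the original tutorial: it repeats the key/certificate match with openssl, flags a private key readable by group or other (the mode shown in the listing above), and checks the remaining validity. The function names and the constructed self-signed sample pair are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: independent pre-deploy checks for the files copied to
# /opt/zimbra/ssl/letsencrypt. Function names are hypothetical.

# 0 if cert and key hold the same public key, 1 if not, 2 if a file cannot be parsed.
key_matches_cert() {    # key_matches_cert cert.pem privkey.pem
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 only if group and other have no permission bits on the key file.
key_is_private() {      # key_is_private privkey.pem
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# 0 if the certificate is still valid N days from now (default 30).
valid_for_days() {      # valid_for_days cert.pem [days]
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Constructed sample input: a throwaway self-signed pair, valid for $2 days.
make_sample_pair() {    # make_sample_pair dir days
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed.example" \
        -days "$2" -keyout "$1/privkey.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Run all three checks on a directory laid out like the one in this guide.
predeploy_check() {     # predeploy_check /opt/zimbra/ssl/letsencrypt
    local rc=0
    key_matches_cert "$1/cert.pem" "$1/privkey.pem" || { echo "FAIL: key/cert mismatch"; rc=1; }
    key_is_private "$1/privkey.pem" || { echo "FAIL: privkey.pem readable by group/other"; rc=1; }
    valid_for_days "$1/cert.pem" 30 || { echo "FAIL: cert expires within 30 days"; rc=1; }
    return $rc
}

# Demo on constructed files; pass a real directory as $1 to check it instead.
if [ -n "${1:-}" ]; then
    predeploy_check "$1"
else
    demo=$(mktemp -d) && make_sample_pair "$demo" 90
    chmod 644 "$demo/privkey.pem"        # same mode as in the listing above
    predeploy_check "$demo" || true      # reports the world-readable key
    rm -rf "$demo"
fi
```

A key that fails the permission check can be fixed with chmod 600 while it stays owned by the zimbra user.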

3. Deploy SSL

First back up the Zimbra ssl folder with the following command:

cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")

Copy the private key to the commercial key with the following command

cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

Deploy the SSL certificate with the following command

/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem

Restart Zimbra

zmcontrol restart

Done
