Cara Mudah Pasang SSL Let’s Encrypt Zimbra 8.8.15 di Ubuntu 18.04

Cara Mudah Pasang SSL Let’s Encrypt Zimbra 8.8.15 di Ubuntu 18.04

Cara Mudah Pasang SSL Let’s Encrypt Zimbra 8.8.15 di Ubuntu 18.04Cara Mudah Pasang SSL Let’s Encrypt Zimbra 8.8.15 di Ubuntu 18.04, Untuk pemasangan SSL Let’s Encrypt Zimbra sudah pernah ada di artikel sebelumnya pada link berikut https://saad.web.id/2018/03/install-ssl-lets-encrypt-di-zimbra-8-8-6-centos-7/ Pada artikel tersebut masih menggunakan clone file dengan perintah git. Untuk artikel kali ini tidak menggunakan cara tersebut, tapi menggunakan certbot. Cara ini dipakai pada Ubuntu 18.04 dan Zimbra 8.8.15 OSE. Untuk Let’s Encrypt sendiri SSL gratis yang biasanya masa expirenya 3 bulan, setelah itu harus renewal dan deploy ulang ke Zimbra.
1. Install Certbot

apt install certbot

2. Request SSL ke Let’s Encrypt

certbot certonly --standalone

3. Masukan email address

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@saad.my.id

4. Ketik A, enter. Uuntuk Agree Terms of Service

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

5. Ketik N, enter

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

6. Masukan Hostname Zimbra

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): mail.saad.my.id

7. Bila berhasil request SSL hasilnya seperti ini

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mail.saad.my.id/privkey.pem
   Your cert will expire on 2022-01-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

8. Copy privatekey SSL ke folder SSL zimbra

cp /etc/letsencrypt/live/mail.saad.my.id/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

9. Ubah permission ke user zimbra pada file commercial.key

chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key

10. Membuat CA Let’s Encrypt, chain.pem

wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem
wget -O /tmp/R3.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem
cat /tmp/R3.pem > /etc/letsencrypt/live/mail.saad.my.id/chain.pem
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mail.saad.my.id/chain.pem

11. Ubah permission ke user zimbra pada folder

chown -R zimbra:zimbra /etc/letsencrypt

12. Verifikasi SSL Let’s Encrypt

su - zimbra
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/mail.saad.my.id/cert.pem /etc/letsencrypt/live/mail.saad.my.id/chain.pem

Bila semua valid, maka akan muncul seperti berikut, dan bisa dilanjutkan untuk deploy SSL

** Verifying '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' against '/etc/letsencrypt/live/mail.saad.my.id/chain.pem'
Valid certificate chain: /etc/letsencrypt/live/mail.saad.my.id/cert.pem: OK

13. Deploy SSL Let’s Encrypt

/opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/mail.saad.my.id/cert.pem /etc/letsencrypt/live/mail.saad.my.id/chain.pem

14. Restart Zimbra

zmcontrol restart

Selesai
Selamat Mencoba

Berikut layanan yang ada di saadwebid terkait zimbra
Layanan Jasa Maintenance Zimbra
Layanan Jasa Migrasi Zimbra Mail Server
VPS/Cloud Zimbra
SSL Zimbra Mail Server
SMTP Relay
Layanan Antivirus, Antispam dan Antimalware

×

Hello!

Klik salah satu support kami dibawah untuk chat WhatsApp atau kirim email kepada kami ke info@saad.web.id

× WhatsApp Kami