Install Let’s Encrypt SSL on Zimbra 10 on Rocky Linux 8
Let’s Encrypt is a CA. To obtain a certificate for your website's domain from Let’s Encrypt, you must be able to prove control over that domain. With Let’s Encrypt, you do this using software that speaks the ACME protocol, which usually runs on your web host. Let’s Encrypt SSL certificates are free and usually expire after 3 months, after which you must renew the certificate and redeploy it to Zimbra.
1. Install Certbot
```bash
dnf install certbot -y
```
2. Request an SSL certificate from Let’s Encrypt
```bash
certbot certonly --standalone
```
3. Enter your email address
```
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): admin@saad.my.id
```
4. Type Y and press Enter to agree to the Terms of Service
```
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
```
5. Type N and press Enter
```
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
```
6. Enter the Zimbra hostname
```
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): mail.saad.my.id
```
7. If the SSL request succeeds, the result looks like this
```
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mail.saad.my.id/privkey.pem
   Your cert will expire on 2024-11-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
```
8. Copy the SSL private key to Zimbra's SSL folder
```bash
cp /etc/letsencrypt/live/mail.saad.my.id/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
```
9. Change the ownership of the commercial.key file to the zimbra user
```bash
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
```
10. Build the Let’s Encrypt CA chain in fullchain.pem
```bash
# Download the ISRG Root X1 root and the R3 intermediate certificates
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem
wget -O /tmp/R3.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem
# Append both to the fullchain.pem issued by certbot
cat /tmp/R3.pem >> /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
```
11. Change the ownership of the folder to the zimbra user
```bash
chown -R zimbra:zimbra /etc/letsencrypt
```
12. Verify the Let’s Encrypt SSL certificate
```bash
# Switch to the zimbra user, then run the check in that shell
su - zimbra
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/mail.saad.my.id/cert.pem /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
```
If everything is valid, output like the following appears and you can continue with deploying the certificate
```
** Verifying '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' against '/etc/letsencrypt/live/mail.saad.my.id/fullchain.pem'
Valid certificate chain: /etc/letsencrypt/live/mail.saad.my.id/cert.pem: OK
```
13. Deploy the Let’s Encrypt SSL certificate
```bash
/opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/mail.saad.my.id/cert.pem /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
```
14. Restart Zimbra
```bash
zmcontrol restart
```
Done.
Good luck trying it out.
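An added example, not part of the original tutorial: a shell function that stages the private key and CA chain from steps 8 to 10 into a separate directory instead of appending to certbot's own fullchain.pem, so running it again after each renewal never duplicates certificates. The function names, the `le_chain.pem` file name and the argument layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not the tutorial's own code). Function names, argument
# order and the le_chain.pem file name are assumptions.
set -eu

# Print each certificate in a PEM bundle as a single line of base64.
pem_bodies() {
  awk '/-----BEGIN CERTIFICATE-----/ {in_cert = 1; body = ""; next}
       /-----END CERTIFICATE-----/   {in_cert = 0; print body; next}
       in_cert {body = body $0}' "$1"
}

# stage_for_zimbra LIVE_DIR ROOT_PEM OUT_DIR
# Writes OUT_DIR/commercial.key (mode 600) and OUT_DIR/le_chain.pem, leaves
# the files under LIVE_DIR untouched, and prints the number of certificates
# in the staged chain.
stage_for_zimbra() {
  local live="$1" root="$2" out="$3" root_body
  root_body=$(pem_bodies "$root")
  [ -n "$root_body" ] || { echo "no certificate in $root" >&2; return 1; }

  # Private key: explicit restrictive mode, independent of the umask.
  install -m 600 "$live/privkey.pem" "$out/commercial.key"

  # Chain: start from a fresh copy on every run (overwrite, never >>).
  install -m 644 "$live/fullchain.pem" "$out/le_chain.pem"

  # Append the root only when the bundle does not already contain it,
  # for example because fullchain.pem was edited by hand earlier.
  if ! pem_bodies "$out/le_chain.pem" | grep -qxF -- "$root_body"; then
    cat "$root" >> "$out/le_chain.pem"
  fi

  pem_bodies "$out/le_chain.pem" | wc -l | tr -d ' '
}
```

Pass the staged `le_chain.pem` to `zmcertmgr verifycrt` and `zmcertmgr deploycrt` in place of `fullchain.pem`, and apply the `chown zimbra:zimbra` from step 9 to the staged files.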