Install SSL Let’s Encrypt Zimbra 10 di Rocky Linux 8

Install SSL Let’s Encrypt Zimbra 10 di Rocky Linux 8

Install SSL Let’s Encrypt Zimbra 10 di Rocky Linux 8Install SSL Let’s Encrypt Zimbra 10 di Rocky Linux 8. Let’s Encrypt adalah CA. Untuk mendapatkan sertifikat untuk domain website Anda dari Let’s Encrypt, Anda harus dapat membuktikan kontrol terhadap domain tersebut. Dengan Let’s Encrypt, Anda melakukannya dengan menggunakan perangkat-lunak yang menggunakan protokol ACME yang biasanya berjalan pada host web Anda. Untuk Let’s Encrypt sendiri SSL gratis yang biasanya masa expirenya 3 bulan, setelah itu Anda harus renewal dan deploy ulang ke Zimbra.
1. Install Certbot

dnf install certbot -y

2. Request SSL ke Let’s Encrypt

certbot certonly --standalone

3. Masukan email address

Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@saad.my.id

4. Ketik Y, enter. untuk Agree Terms of Service

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

5. Ketik N, enter

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

6. Masukan Hostname Zimbra

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): mail.saad.my.id

7. Bila berhasil request SSL hasilnya seperti ini

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mail.saad.my.id/privkey.pem
   Your cert will expire on 2024-11-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

8. Copy privatekey SSL ke folder SSL zimbra

cp /etc/letsencrypt/live/mail.saad.my.id/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

9. Ubah permission ke user zimbra pada file commercial.key

chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key

10. Membuat CA Let’s Encrypt, fullchain.pem

wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem
wget -O /tmp/R3.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem
cat /tmp/R3.pem >> /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem

11. Ubah permission ke user zimbra pada folder

chown -R zimbra:zimbra /etc/letsencrypt

12. Verifikasi SSL Let’s Encrypt

su - zimbra
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/mail.saad.my.id/cert.pem /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem

Bila semua valid, maka akan muncul seperti berikut, dan bisa dilanjutkan untuk deploy SSL

** Verifying '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' against '/etc/letsencrypt/live/mail.saad.my.id/fullchain.pem'
Valid certificate chain: /etc/letsencrypt/live/mail.saad.my.id/cert.pem: OK

13. Deploy SSL Let’s Encrypt

/opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/mail.saad.my.id/cert.pem /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem

14. Restart Zimbra

zmcontrol restart

Selesai
Selamat Mencoba

Berikut layanan yang ada di saadwebid terkait zimbra
Layanan Jasa Maintenance Zimbra
Layanan Jasa Migrasi Zimbra Mail Server
VPS/Cloud Zimbra
SSL Zimbra Mail Server
SMTP Relay
Layanan Antivirus, Antispam dan Antimalware

×

Hello!

Klik salah satu dibawah untuk chat WhatsApp atau kirim email kepada kami ke info@saad.web.id

× WhatsApp Kami