Install SSL Let’s Encrypt Zimbra 10 di Rocky Linux 8

Install SSL Let’s Encrypt Zimbra 10 di Rocky Linux 8

Install SSL Let’s Encrypt Zimbra 10 di Rocky Linux 8Install SSL Let’s Encrypt Zimbra 10 di Rocky Linux 8. Let’s Encrypt adalah CA. Untuk mendapatkan sertifikat untuk domain website Anda dari Let’s Encrypt, Anda harus dapat membuktikan kontrol terhadap domain tersebut. Dengan Let’s Encrypt, Anda melakukannya dengan menggunakan perangkat-lunak yang menggunakan protokol ACME yang biasanya berjalan pada host web Anda. Untuk Let’s Encrypt sendiri SSL gratis yang biasanya masa expirenya 3 bulan, setelah itu Anda harus renewal dan deploy ulang ke Zimbra.
1. Install Certbot

1
dnf install certbot -y

2. Request SSL ke Let’s Encrypt

1
certbot certonly --standalone

3. Masukan email address

1
2
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@saad.my.id

4. Ketik Y, enter. untuk Agree Terms of Service

1
2
3
4
5
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

5. Ketik N, enter

1
2
3
4
5
6
7
8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

6. Masukan Hostname Zimbra

1
2
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): mail.saad.my.id

7. Bila berhasil request SSL hasilnya seperti ini

01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mail.saad.my.id/privkey.pem
   Your cert will expire on 2024-11-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
 
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

8. Copy privatekey SSL ke folder SSL zimbra

1
cp /etc/letsencrypt/live/mail.saad.my.id/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key

9. Ubah permission ke user zimbra pada file commercial.key

1
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key

10. Membuat CA Let’s Encrypt, fullchain.pem

1
2
3
4
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem
wget -O /tmp/R3.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem
cat /tmp/R3.pem >> /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem

11. Ubah permission ke user zimbra pada folder

1
chown -R zimbra:zimbra /etc/letsencrypt

12. Verifikasi SSL Let’s Encrypt

1
2
su - zimbra
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/mail.saad.my.id/cert.pem /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem

Bila semua valid, maka akan muncul seperti berikut, dan bisa dilanjutkan untuk deploy SSL

1
2
3
4
** Verifying '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/etc/letsencrypt/live/mail.saad.my.id/cert.pem' against '/etc/letsencrypt/live/mail.saad.my.id/fullchain.pem'
Valid certificate chain: /etc/letsencrypt/live/mail.saad.my.id/cert.pem: OK

13. Deploy SSL Let’s Encrypt

1
/opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/mail.saad.my.id/cert.pem /etc/letsencrypt/live/mail.saad.my.id/fullchain.pem

14. Restart Zimbra

1
zmcontrol restart

Selesai
Selamat Mencoba

Berikut layanan yang ada di saadwebid terkait zimbra
Layanan Jasa Maintenance Zimbra
Layanan Jasa Migrasi Zimbra Mail Server
VPS/Cloud Zimbra
SSL Zimbra Mail Server
SMTP Relay
Layanan Antivirus, Antispam dan Antimalware

×

Hello!

Klik salah satu dibawah untuk chat WhatsApp atau kirim email kepada kami ke info@saad.web.id

× WhatsApp Kami