Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
1. Install Certbot
apt install certbot
2. Request an SSL certificate from Let's Encrypt
certbot certonly --standalone
3. Enter your email address
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): admin@vkttech.xyz
4. Type A and press Enter to agree to the Terms of Service
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
5. Type N and press Enter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
6. Enter the Zimbra hostname
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): mail.vkttech.xyz
7. If the SSL request is successful, the result will be like this
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/mail.vkttech.xyz/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/mail.vkttech.xyz/privkey.pem
   Your cert will expire on 2024-12-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le
8. Copy the SSL private key to the Zimbra SSL folder
cp /etc/letsencrypt/live/mail.vkttech.xyz/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
9. Change the ownership of the commercial.key file to the zimbra user
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
10. Download the Let's Encrypt CA certificates and append them to fullchain.pem
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem
wget -O /tmp/R3.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem
cat /tmp/R3.pem >> /etc/letsencrypt/live/mail.vkttech.xyz/fullchain.pem
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/mail.vkttech.xyz/fullchain.pem
11. Change the ownership of the folder to the zimbra user
chown -R zimbra:zimbra /etc/letsencrypt
12. Verify the Let's Encrypt SSL certificate
su - zimbra
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/mail.vkttech.xyz/cert.pem /etc/letsencrypt/live/mail.vkttech.xyz/fullchain.pem
If everything is valid, it will appear as follows, and you can continue to deploy SSL.
** Verifying '/etc/letsencrypt/live/mail.vkttech.xyz/cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/etc/letsencrypt/live/mail.vkttech.xyz/cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/etc/letsencrypt/live/mail.vkttech.xyz/cert.pem' against '/etc/letsencrypt/live/mail.vkttech.xyz/fullchain.pem'
Valid certificate chain: /etc/letsencrypt/live/mail.vkttech.xyz/cert.pem: OK
13. Deploy the Let's Encrypt SSL certificate
/opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/mail.vkttech.xyz/cert.pem /etc/letsencrypt/live/mail.vkttech.xyz/fullchain.pem
14. Restart Zimbra
zmcontrol restart
To set up automatic SSL renewal, follow these steps:
1. Open the crontab editor:
crontab -e
2. Add the following line to the crontab:
0 0 1 * * /usr/bin/certbot renew --post-hook "/opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/mail.vkttech.xyz/cert.pem /etc/letsencrypt/live/mail.vkttech.xyz/fullchain.pem && /opt/zimbra/bin/zmcontrol restart"
3. Save and exit the crontab editor.
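The cron line above only reruns deploycrt, while certbot issues a new private key on renewal unless --reuse-key is given, so the commercial.key copied in step 8 goes stale. The hook below is an added example, not part of the original post: it redoes steps 8 to 13 for the renewed certificate and refuses to deploy when key and certificate do not match. Assumptions: it runs as root through certbot's --deploy-hook, the CA files from step 10 still exist, and the chain is built from certbot's chain.pem into a separate file (the name letsencrypt_chain.pem and the function names are hypothetical).

```shell
#!/bin/sh
# Added example, not from the original post: certbot deploy hook that redoes
# steps 8-13 after a renewal. Function names and ZCHAIN are hypothetical.
set -e

ZKEY=/opt/zimbra/ssl/zimbra/commercial/commercial.key
ZCHAIN=/opt/zimbra/ssl/zimbra/commercial/letsencrypt_chain.pem  # assumed name
CA_FILES="/tmp/R3.pem /tmp/ISRG-X1.pem"   # files downloaded in step 10

# Step 8: copy the key; umask keeps the new file at mode 600 from creation.
stage_key() {  # stage_key SRC DST
    ( umask 077; rm -f "$2"; cat "$1" > "$2" )
}

# Step 10: write the CA chain to its own file instead of appending to the
# live fullchain.pem, so repeated runs never stack duplicate certificates.
build_chain() {  # build_chain OUT FILE...
    out=$1; shift
    for f in "$@"; do
        [ -s "$f" ] || { echo "missing CA file: $f" >&2; return 1; }
    done
    cat "$@" > "$out.tmp" && mv "$out.tmp" "$out"
}

# Succeeds only if the certificate carries the public key of the key file.
key_matches_cert() {  # key_matches_cert KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

main() {
    live=$RENEWED_LINEAGE   # e.g. /etc/letsencrypt/live/mail.vkttech.xyz
    key_matches_cert "$live/privkey.pem" "$live/cert.pem" ||
        { echo "renewed key and cert do not match; not deploying" >&2; exit 1; }
    stage_key "$live/privkey.pem" "$ZKEY"
    # CA_FILES is split on spaces on purpose.
    build_chain "$ZCHAIN" "$live/chain.pem" $CA_FILES
    chown zimbra:zimbra "$ZKEY" "$ZCHAIN"                        # step 9
    chown -R zimbra:zimbra /etc/letsencrypt                      # step 11
    su - zimbra -c "/opt/zimbra/bin/zmcertmgr verifycrt comm $ZKEY $live/cert.pem $ZCHAIN"
    su - zimbra -c "/opt/zimbra/bin/zmcertmgr deploycrt comm $live/cert.pem $ZCHAIN"
    su - zimbra -c "/opt/zimbra/bin/zmcontrol restart"
}

# certbot exports RENEWED_LINEAGE only when it runs this file as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then main; fi
```

Saved under a path of your choice, for example /usr/local/sbin/zimbra-le-deploy.sh (hypothetical), it takes the place of the --post-hook string in the cron entry: certbot renew --deploy-hook /usr/local/sbin/zimbra-le-deploy.sh.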