Skip to content

ノートDwinar

Hidup tuh bercanda, yang serius cuma mati

Menu
  • Home
  • Admin Server
    • Debian
    • RedHat
    • Ubuntu
    • Zimbra
  • Blog
  • Buku & Publishing
  • About
  • Contact
  • Privacy Policy
Menu

Install SSL Let’s Encrypt di Zimbra

Posted on May 24, 2019June 23, 2019 by dwinar

Let’s Encrypt

Let’s Encrypt merupakan suatu nama layanan penerbitan SSL Sertifikat yang telah diluncurkan pada tanggal 12 April 2016 oleh Internet Security Research Group atau yang disingkat dengan ISRG yang menyediakan layanan penerbitan SSL Sertifikat secara gratis berjenis Sertifikat X.509 untuk enkripsi Transport Layer Security (TLS) melalui proses otomatis yang dirancang untuk menghilangkan proses yang kompleks saat penerbitan manual, validasi, signing, instalasi dan pembaharuan SSL secara otomatis agar membuat web menjadi aman.

Let’s Encrypt bisa dijalankan di zimbra. Untuk dapat menggunakan ssl let’s encrypt pada zimbra, berikut adalah langkah – langkahnya:

    • Matikan servis proxy dan mailbox.
[[email protected] ~]# su - zimbra
[[email protected] ~]$ zmproxyctl stop
[[email protected] ~]$ zmmailboxdctl stop
    • Langkah kedua adalah Menginstal git di Server, dan kemudian lakukan klon git dari proyek pada folder yang kita inginkan.
      Catatan: Pada RedHat / CentOS 6 Anda harus mengaktifkan repositori EPEL sebelum menginstal git, jika belum menaktifkan repositori EPEL, bisa mengaktifkan terlebih dahulu. Untuk tutorialnya bisa kesini.
[[email protected] ~]# yum install git -y
[[email protected] ~]# git clone https://github.com/letsencrypt/letsencrypt
[[email protected] ~]# cd letsencrypt
    • Jika menggunakan single domain, bisa menggunakan perintah berikut
[[email protected] ~]# ./letsencrypt-auto certonly --standalone
    • Jika menggunakan multi domain, bisa menggunakan perintah berikut
[[email protected] ~]# ./letsencrypt-auto certonly --standalone -d xmpp.example.com -d conference.example.com
    • Masukkan akun email anda, untuk pemberitahuan dan pemulihan key
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):
[email protected]
    • Ketik A. pada term of service. enter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
    • Masukkan hostname. dalam hal ini yang digunakan mail.dwinar.web.id
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c' to cancel): 
mail.dwinar.web.id
    • Tunggu proses validate, sampai muncul keterangan berikut
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/zimbra86.zimbra.io/fullchain.pem. Your cert
   will expire on 2016-03-04. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
 - If like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Catatan : Lokasi certifikat berada pada folder /etc/letsencrypt/live/$domain. Disini directory yang digunakan, /etc/letsencrypt/live/mail.dwinar.web.id

    • Buka file chain.pem.
[[email protected] ~]# nano /etc/letsencrypt/live/mail.dwinar.web.id/chain.pem
    • Tambahkan pada baris paling bawah untuk Root CA, Root CA bisa diperoleh melalui link berikut: https://www.identrust.com/certificates/trustid/root-download-x3.html
-----BEGIN CERTIFICATE-----
YOURCHAIN
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
    • Copy seluruh file /etc/letsencrypt/live/$domain ke dalam /opt/zimbra/ssl/letsencrypt
[[email protected] ~]# mkdir /opt/zimbra/ssl/letsencrypt
[[email protected] ~]# cp /etc/letsencrypt/live/mail.dwinar.web.id/* /opt/zimbra/ssl/letsencrypt/
[[email protected] ~]# chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
    • Buka folder /opt/zimbra/ssl/letsencrypt masukkan perintah berikut untuk verify ssl (Perintah berikut menggunakan user zimbra)
[[email protected] ~]$ cd /opt/zimbra/ssl/letsencrypt
[[email protected] ~]$ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
    • Bila berhasil di verify maka akan muncul seperti dibawah ini
** Verifying cert.pem against privkey.pem
Certificate (cert.pem) and private key (privkey.pem) match.
Valid Certificate: cert.pem: OK
    • Backup terlebih dahulu folder ssl zimbra dengan perintah berikut:
[[email protected] ~]# cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d")
    • Copy private key ke commercial key dengan perintah berikut
[[email protected] ~]# cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
    • Ubah hak ases ke zimbra.
[[email protected] ~]# chown  zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/*
    • Deploy ssl dengan perintah berikut

–  Zimbra 8.6 kebawah

[[email protected] ~]# /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem

– Zimbra 8.6 keatas

[[email protected] ~]# su - zimbra
[[email protected] ~]$ /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/chain.pem
    • Restart Zimbra
[[email protected] ~]$ zmcontrol restart

Coba akses zimbra kalian, pasti sekarang sudah terinstall sslnya. Demikian tutorial kali ini, terimakasih telah membaca.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Instalasi T-Pot Honeypot Framework
  • Ulang Tahun Excellent 9
  • Cara Setting DNS over HTTPS
  • Cara Upgrade OS Mikrotik
  • Membersihkan Sampah Pada Docker

Recent Comments

  • raihan irfan on Cara Install Docker Toolbox di Windows 10 Home
  • dwinar on Instalasi T-Pot Honeypot Framework
  • dwinar on Instalasi T-Pot Honeypot Framework
  • dwinar on Cara Replikasi Database Master – Slave
  • manda on Cara Replikasi Database Master – Slave

Categories

  • Admin Server
  • Blog
  • Debian
  • RedHat
  • Ubuntu
  • Zimbra

Archives

  • January 2021
  • September 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018

Tags

BBB Blog CentOS CentOS 8 Cockpit cPanel DataBases docer Docker Docker CE Docker Private Registry Docker Toolbox fail2ban Gnome google cloud Honeypot Jitsi Kubernetes Let’s Encrypt Linux lsync MariaDB Mikrotik Nakivo NextCloud Open Source OpenSUSE Redhat RedHat 7 S/MIME SSH SSL T-Pot Ubuntu Video Conference Web Server WFH WHM Windows Zextras Zimbra Zimbra Docs Zimbra Drive Zimbra Drive v2 Zimbra NE
May 2019
MTWTFSS
 12345
6789101112
13141516171819
20212223242526
2728293031 
« Apr   Jun »
© 2023 ノートDwinar | Powered by Minimalist Blog WordPress Theme