بِسْمِ اللهِ الرَّحْمٰنِ الرَّحِيْمِ
Background Story
It all started when certbot support was discontinued for Ubuntu Server 14.04, which hit our Zimbra mail server: it can no longer auto-renew, boss. And of course it can no longer be used properly. In this post we will cover how to install Let's Encrypt for a Zimbra server on that ancient Ubuntu 14.04 (just kidding about ancient…).
Requirements
At a minimum, we need to prepare:
- Zimbra mail server
- SSH access
- Determination, and
- Coffee
Walkthrough
Here I am using POP!_OS 21.10 to remote into the server. The walkthrough follows.
1. Log in to the Server
First log in to our Zimbra mail server, then stop the Zimbra proxy service.
sudo su - zimbra
zmproxyctl stop
2. Install acme.sh
curl https://get.acme.sh | sh -s email=your@email.com
For more complete installation instructions, please see the following link.
This installation step does 3 things:
- Creates acme.sh and copies it into the home directory. All certificates will be stored in this directory.
- Creates the alias acme.sh=~/.acme.sh/acme.sh.
- Creates a cron job to check and renew certificates when needed.
The output looks roughly like this:
~$ curl https://get.acme.sh | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 937 0 937 0 0 1220 0 --:--:-- --:--:-- --:--:-- 5120
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 205k 100 205k 0 0 880k 0 --:--:-- --:--:-- --:--:-- 1031k
[Thu Jan 26 09:50:30 AM WIB 2022] Installing from online archive.
[Thu Jan 26 09:50:30 AM WIB 2022] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
[Thu Jan 26 09:50:32 AM WIB 2022] Extracting master.tar.gz
[Thu Jan 26 09:50:32 AM WIB 2022] It is recommended to install socat first.
[Thu Jan 26 09:50:32 AM WIB 2022] We use socat for standalone server if you use standalone mode.
[Thu Jan 26 09:50:32 AM WIB 2022] If you don't use standalone mode, just ignore this warning.
[Thu Jan 26 09:50:32 AM WIB 2022] Installing to /root/.acme.sh
[Thu Jan 26 09:50:32 AM WIB 2022] Installed to /root/.acme.sh/acme.sh
[Thu Jan 26 09:50:32 AM WIB 2022] Installing alias to '/root/.zshrc'
[Thu Jan 26 09:50:32 AM WIB 2022] OK, Close and reopen your terminal to start using acme.sh
[Thu Jan 26 09:50:32 AM WIB 2022] Installing cron job
no crontab for batutah
no crontab for batutah
[Thu Jan 26 09:50:32 AM WIB 2022] Good, bash is found, so change the shebang to use bash as preferred.
[Thu Jan 26 09:50:32 AM WIB 2022] OK
[Thu Jan 26 09:50:32 AM WIB 2022] Install success!
After the installation finishes, we need to close the terminal and open a new session to be able to use acme.sh.
3. Set letsencrypt as the default
acme.sh --set-default-ca --server letsencrypt
4. Issue the Certificate
Next we run acme.sh to obtain the certificate by running the following command (don't forget to adjust it to your setup).
Make sure port 80 is free.
acme.sh --issue --standalone -d <DOMAIN>
The output looks roughly like this:
[Wed Jan 26 00:08:23 WIB 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed Jan 26 00:08:23 WIB 2022] Standalone mode.
[Wed Jan 26 00:08:23 WIB 2022] Single domain='mail.batutah.id'
[Wed Jan 26 00:08:23 WIB 2022] Getting domain auth token for each domain
[Wed Jan 26 00:08:27 WIB 2022] Getting webroot for domain='mail.batutah.id'
[Wed Jan 26 00:08:27 WIB 2022] Verifying: mail.batutah.id
[Wed Jan 26 00:08:27 WIB 2022] Standalone mode server
[Wed Jan 26 00:08:29 WIB 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Wed Jan 26 00:08:32 WIB 2022] Success
[Wed Jan 26 00:08:32 WIB 2022] Verify finished, start to sign.
[Wed Jan 26 00:08:32 WIB 2022] Lets finalize the order.
[Wed Jan 26 00:08:32 WIB 2022] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/275112380/58377252870'
[Wed Jan 26 00:08:34 WIB 2022] Downloading cert.
[Wed Jan 26 00:08:34 WIB 2022] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/046053fc2b4ae6af33c9246ce39828b2c853'
[Wed Jan 26 00:08:36 WIB 2022] Try rel: https://acme-v02.api.letsencrypt.org/acme/cert/046053fc2b4ae6af55c9246ce39828b2c853/1
[Wed Jan 26 00:08:37 WIB 2022] Matched issuer in: https://acme-v02.api.letsencrypt.org/acme/cert/048853fc2b4ae6af82c9246ce39828b2c853/1
[Wed Jan 26 00:08:37 WIB 2022] Cert success.
[Wed Jan 26 00:08:37 WIB 2022] Your cert is in: /root/.acme.sh/mail.batutah.id/mail.batutah.id.cer
[Wed Jan 26 00:08:37 WIB 2022] Your cert key is in: /root/.acme.sh/mail.batutah.id/mail.batutah.id.key
[Wed Jan 26 00:08:37 WIB 2022] The intermediate CA cert is in: /root/.acme.sh/mail.batutah.id/ca.cer
[Wed Jan 26 00:08:37 WIB 2022] And the full chain certs is there: /root/.acme.sh/mail.batutah.id/fullchain.cer
5. Check the Certificate List
acme.sh --list
6. Copy the certificate to Zimbra
cd /root/.acme.sh/mail.batutah.id
cp mail.batutah.id.cer /opt/zimbra/ssl/letsencrypt/cert.pem
cp mail.batutah.id.key /opt/zimbra/ssl/letsencrypt/privkey.pem
chown -R zimbra: /opt/zimbra/ssl/letsencrypt
The next problem to appear is that Let's Encrypt itself upgraded its mechanism from CN=DST Root CA X3 to ISRG Root X1, which causes the verification step, namely
zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
to run into fairly serious trouble.
After opening more than 10 Google Chrome browser tabs, along with the patience to read a lot of literature, it finally paid off. The solution finally came from here,
namely using the chain.pem that the author there provided:
vim /opt/zimbra/ssl/letsencrypt/chain.pem
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
To be on the safe side, run the chown command.
chown -R zimbra: /opt/zimbra/ssl/letsencrypt
7. Verify the certs as the zimbra user
sudo su - zimbra
cd /opt/zimbra/ssl/letsencrypt
zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
Make sure the output looks like this:
zimbra@mail:~/ssl/letsencrypt$ zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
** Verifying 'cert.pem' against 'privkey.pem'
Certificate 'cert.pem' and private key 'privkey.pem' match.
** Verifying 'cert.pem' against 'chain.pem'
Valid certificate chain: cert.pem: OK
8. Deploy the Zimbra certs
zmcertmgr deploycrt comm cert.pem chain.pem
The output looks like this:
zimbra@mail:~/ssl/letsencrypt$ zmcertmgr deploycrt comm cert.pem chain.pem
** Verifying 'cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate 'cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying 'cert.pem' against 'chain.pem'
Valid certificate chain: cert.pem: OK
** Copying 'cert.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying 'chain.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain 'chain.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.digitalsekuriti.id...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.digitalsekuriti.id...ok
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 9 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/8d33f237.0
** Removing /opt/zimbra/conf/ca/2e5ac55d.0
** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt
** Removing /opt/zimbra/conf/ca/4042bcee.0
** Removing /opt/zimbra/conf/ca/commercial_ca_3.crt
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/c452e5a6.0
** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt
** Removing /opt/zimbra/conf/ca/ca.pem
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'c452e5a6.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '8d33f237.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink '4042bcee.0' -> 'commercial_ca_2.crt'
9. Restart the Zimbra service
sudo su - zimbra
zmcontrol restart
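As an added example (not part of the original post), the checks from steps 6 to 8 can be scripted so that a renewed certificate is only deployed when the key matches, chain.pem ends in a self-signed root and the certificate verifies against it. It assumes openssl is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes openssl is installed.
# Function names are hypothetical; the default path follows the article.

# True when private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the last certificate in bundle $1 has subject equal to issuer,
# i.e. the chain ends in a self-signed root (ISRG Root X1 in the article)
# and not in a cross-signed certificate that points at another issuer.
chain_ends_in_root() {
    last=$(openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null | grep . | tail -n 2)
    subj=$(printf '%s\n' "$last" | sed -n 's/^subject= *//p')
    issr=$(printf '%s\n' "$last" | sed -n 's/^issuer= *//p')
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# True when certificate $1 verifies against bundle $2. Any reported error
# counts as a failure, even if openssl exits with status 0.
chain_verifies() {
    out=$(openssl verify -CAfile "$2" "$1" 2>&1) || return 1
    case $out in *error*) return 1 ;; *": OK"*) return 0 ;; esac
    return 1
}

# Run every check in directory $1 and restrict the private key to its owner.
predeploy_check() {
    d=${1:-/opt/zimbra/ssl/letsencrypt}
    key_matches_cert "$d/privkey.pem" "$d/cert.pem" ||
        { echo "privkey.pem does not match cert.pem" >&2; return 1; }
    chain_ends_in_root "$d/chain.pem" ||
        { echo "chain.pem does not end in a self-signed root" >&2; return 1; }
    chain_verifies "$d/cert.pem" "$d/chain.pem" ||
        { echo "cert.pem does not verify against chain.pem" >&2; return 1; }
    chmod 600 "$d/privkey.pem"
}

# Usage, as the zimbra user before step 8:
#   predeploy_check && zmcertmgr deploycrt comm cert.pem chain.pem
```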
Conclusion
We have installed and configured SSL for Zimbra with Let's Encrypt, using acme.sh as a replacement for certbot on the ancient Ubuntu 14.04.
Updated: 27 January 2022
10:33 WIB
Pogung Baru, Sleman
Yogyakarta