Difference between revisions of "Zimbra Setups"
Line 73: | Line 73: | ||
zmcontrol stop | zmcontrol stop | ||
zmlocalconfig -s ldap_root_password | zmlocalconfig -s ldap_root_password | ||
− | /opt/zimbra/ | + | /opt/zimbra/common/sbin/slappasswd -s Y0uRP4S5w0Rd |
#sample output - {SSHA}SXzTa82PbLST97854mZOp746PBLA2378 | #sample output - {SSHA}SXzTa82PbLST97854mZOp746PBLA2378 | ||
cd /opt/zimbra/data/ldap/config/cn=config | cd /opt/zimbra/data/ldap/config/cn=config | ||
Line 90: | Line 90: | ||
zmlocalconfig -e ldap_common_require_tls=1 | zmlocalconfig -e ldap_common_require_tls=1 | ||
zmcontrol restart | zmcontrol restart | ||
+ | |||
+ | ==Install Letsencrypt Cert Zimbra == | ||
+ | -----RENEWAL START HERE------ | ||
+ | sudo certbot --version | ||
+ | sudo su - zimbra -c "zmproxyctl stop" | ||
+ | sudo su - zimbra -c "zmmailboxdctl stop" | ||
+ | export EMAIL="[email protected]" | ||
+ | certbot certonly --standalone -d mail.rhomicom.com --preferred-challenges http --agree-tos -n -m $EMAIL --keep-until-expiring | ||
+ | ls -lh /etc/letsencrypt/live/mail.rhomicom.com/ | ||
+ | |||
+ | sudo mkdir /opt/zimbra/ssl/letsencrypt #NOT NEEDED IN RENEWAL | ||
+ | |||
+ | CERTPATH=/etc/letsencrypt/live/mail.rhomicom.com | ||
+ | sudo \cp -rf $CERTPATH/* /opt/zimbra/ssl/letsencrypt/ | ||
+ | ls /opt/zimbra/ssl/letsencrypt/ | ||
+ | cat $CERTPATH/chain.pem | sudo tee /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem | ||
+ | cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem | ||
+ | |||
+ | #ADD THE LETSENCRYPT CERT | ||
+ | sudo tee -a /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem<<EOF | ||
+ | -----BEGIN CERTIFICATE----- | ||
+ | MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | ||
+ | MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | ||
+ | DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | ||
+ | PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | ||
+ | Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | ||
+ | AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | ||
+ | rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | ||
+ | OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | ||
+ | xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | ||
+ | 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | ||
+ | aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | ||
+ | HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | ||
+ | SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | ||
+ | ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | ||
+ | AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | ||
+ | R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | ||
+ | JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | ||
+ | Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | ||
+ | -----END CERTIFICATE----- | ||
+ | EOF | ||
+ | |||
+ | cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem | ||
+ | sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/ | ||
+ | ls -lha /opt/zimbra/ssl/letsencrypt/ | ||
+ | sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/ | ||
+ | sudo chown -R zimbra:zimbra /etc/letsencrypt/ | ||
+ | cd /opt/zimbra/ssl/letsencrypt | ||
+ | ls -halt | ||
+ | ln -sf /etc/letsencrypt/live/mail.rhomicom.com/cert.pem cert.pem | ||
+ | ln -sf /etc/letsencrypt/live/mail.rhomicom.com/chain.pem chain.pem | ||
+ | ln -sf /etc/letsencrypt/live/mail.rhomicom.com/fullchain.pem fullchain.pem | ||
+ | ln -sf /etc/letsencrypt/live/mail.rhomicom.com/privkey.pem privkey.pem | ||
+ | ls -halt | ||
+ | cat cert.pem | ||
+ | sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/ | ||
+ | sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem' | ||
+ | sudo cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%.m%.d-%H.%M") | ||
+ | sudo cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
+ | sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key | ||
+ | sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem' | ||
+ | sudo su - zimbra -c "zmcontrol restart" |
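Review bot: `sudo chown -R zimbra:zimbra /etc/letsencrypt/` in the added Let's Encrypt section gives the zimbra service account every certbot private key, the ACME account key and the renewal configuration that root later acts on; copying the live files with `cp -L` into `/opt/zimbra/ssl/letsencrypt/` and leaving `/etc/letsencrypt/` root-owned would likely avoid that. The certificate appended to `zimbra_chain.pem` is DST Root CA X3, whose encoded validity ends on 30 September 2021, about a month after this revision, so `verifycrt` may start failing then; a comment such as `# appended root expires 2021-09-30; check with openssl x509 -noout -enddate` would warn the reader. The backup name uses `date "+%Y%.m%.d-%H.%M"`, which looks like a typo for `date "+%Y.%m.%d-%H.%M"`. In the first hunk, `slappasswd -s Y0uRP4S5w0Rd` puts the LDAP root password on the command line and in shell history, whereas `slappasswd` without `-s` prompts for it.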
Revision as of 18:59, 29 August 2021
# Create a login account and set its password (passwd prompts interactively).
adduser rhouser
passwd rhouser
# Apply all pending package updates, then reboot; the remaining steps are run
# in a new session once the host is back up.
yum update -y ; reboot
# Packages installed ahead of the Zimbra installer. -y answers "yes" to the
# yum confirmation prompt (it is given twice here; once is enough).
yum -y install which openssh openssh-server openssh-clients openssl-libs nano rsync unzip net-tools NetworkManager-tui sysstat perl-core libaio nmap-ncat libstdc++.so.6 wget tar bind-utils -y
yum install psmisc
#Install and configure firewall-cmd
# NOTE(review): no firewall commands are listed on this page; decide which
# inbound ports the mail host should expose before putting it on the network.
# Set the system hostname to the mail server's FQDN.
hostnamectl set-hostname "mail.rhomicom.com"
# Replace the current shell with a new bash process (presumably so the prompt
# picks up the new hostname).
exec bash
# nano /etc/hosts
# 192.168.0.108 mail.rhomicom.com mail
echo 'mail.rhomicom.com' > /etc/hostname
# ">>" appends, so repeating this step adds a duplicate entry.
# NOTE(review): this maps the FQDN to loopback, while the commented example
# above uses a LAN address; confirm which one the installer expects.
echo '127.0.0.1 mail.rhomicom.com mail' >> /etc/hosts
hostname mail.rhomicom.com
# Print the fully qualified name to confirm the change.
hostname --fqdn
# Do all DNS settings and MX records on Domain Registrar's DNS
# Query the A record of the mail host and the MX record of the domain to check
# that the DNS entries are in place.
dig -t A mail.rhomicom.com
dig -t MX rhomicom.com
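#Install Let'sencrypt CentOS7
# The EPEL repository is enabled first, then certbot is installed.
yum install epel-release
yum install certbot
# Download the ZCS installer with TLS certificate verification left on; do not
# add --no-check-certificate. The archive is unpacked and its install.sh is run
# with root privileges, so the download has to be authenticated. If wget
# rejects the server certificate, repair the host's CA bundle
# (yum update ca-certificates) instead of switching verification off.
# NOTE(review): the build stamp in the file name is from September 2018; check
# whether a currently supported release should be installed instead.
wget https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
# Print the archive digest and compare it by hand with the value published by
# the vendor before unpacking.
sha256sum zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
tar zxpvf zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
cd zcs-8.8.10_GA_3039.RHEL7_64.20180928094617
./install.sh
# Answers to give in the interactive installer:
#Answer Y to all options
# Answer Yes to Create Domain
# enter domain rhomicom.com
# enter MX mail.rhomicom.com
# Unconfigured Modules, Choose 7
# Choose 4 to set admin password
# choose r to go back
# choose a to apply all settings
# Wait for system to complete configuration and login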
# Service control, run as the zimbra user: start, stop, report the status of,
# or restart the Zimbra services.
# NOTE(review): presumably a reference list to pick from as needed rather than
# a sequence to run top to bottom; confirm.
su - zimbra -c "zmcontrol start"
su - zimbra -c "zmcontrol stop"
su - zimbra -c "zmcontrol status"
su - zimbra -c "zmcontrol restart"
Uninstall
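# Uninstall: run the installer from the unpacked ZCS directory with -u.
# (The page had a pasted shell prompt fused into the cd command; the two
# commands are separated here.)
cd /root/zimbra/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617
./install.sh -u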
Move from Old to New Server
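# Migration runbook, one command per line. On the page the whole procedure was
# collapsed onto a single line starting with "#", which a shell would treat as
# one long comment.

# --- On Old Server ---
# Archive everything under /opt/zimbra. That tree includes the LDAP data and
# the ssl directory used elsewhere on this page, so keep the archive readable
# by its owner only and delete it once the migration is done.
tar -czvf zimbkp29Aug2021-17-39.tar.gz /opt/zimbra/

# --- On New Server ---
# Install Same version of ZCS
# Pull the archive from the old server over SSH. USER@OLD_SERVER is a
# placeholder: the login is obfuscated as "[email protected]" on the page.
rsync -avH USER@OLD_SERVER:/home/rhouser/*.t*z --progress --human-readable /home/rhouser
# GNU tar strips the leading "/" when archiving, so this unpacks into
# ./opt/zimbra relative to the current directory.
tar -xzvf zimbkp29Aug2021-17-39.tar.gz
# Move the freshly installed tree out of the way, then put the restored tree
# in its place.
mv /opt/zimbra /home
mv opt/zimbra /opt
# Reset ownership and permissions on the restored tree.
/opt/zimbra/libexec/zmfixperms -e -v # as root
postfix check

#temporarily switch to self-signed cert to avoid some SSL/TLS errors
/opt/zimbra/bin/zmcertmgr createcrt -new -days 3650
/opt/zimbra/bin/zmcertmgr deploycrt self

# Alternatively you may disable TLS Connections temporarily
# NOTE(review): these settings accept untrusted certificates and switch off
# STARTTLS for LDAP, so LDAP traffic is no longer protected in transit while
# they are in effect. Keep the window short and revert with the
# "Enable TLS Connections" step at the end of this block.
# "su - zimbra" opens a login shell; the commands after it are typed there.
su - zimbra
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmlocalconfig -e ldap_starttls_supported=0
zmlocalconfig -e ldap_starttls_required=false
zmlocalconfig -e ldap_common_require_tls=0
zmcontrol restart

#Validate LDAP Configuration
su - zimbra
zmcontrol stop
# Prints the stored LDAP root password in clear text; avoid running this in a
# logged or shared terminal session.
zmlocalconfig -s ldap_root_password
# Hash that password. Without -s, slappasswd prompts for the secret, which
# keeps it out of shell history and the process list; do not pass the password
# as a command-line argument.
/opt/zimbra/common/sbin/slappasswd
#sample output - {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
cd /opt/zimbra/data/ldap/config/cn=config
vi 'olcDatabase={0}config.ldif'
#CHange olcRootPW:: e1NTSEE112123gblVeVJ2UjU3UE1512312366jjkj128080as2bDQ5eVgxNXhWSlFPUWhTQmxhQ1d4L1RaNWdsdVRsWWJyRXJDcTA4V0Y0YVRYOE5ma23451wR3A1QytBZUZocEZ1
# to olcRootPw: {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
zmcontrol start
# or reboot PC
# and re-run zcs install
./install.sh

# Enable TLS Connections after install if they were disabled
su - zimbra
# NOTE(review): the page keeps ssl_allow_untrusted_certs=true here, so
# certificate validation stays relaxed even after STARTTLS is required again;
# presumably it should go back to false once a trusted certificate is
# deployed. Confirm before relying on this step.
zmlocalconfig -e ssl_allow_untrusted_certs=true
zmlocalconfig -e ldap_starttls_supported=1
zmlocalconfig -e ldap_starttls_required=true
zmlocalconfig -e ldap_common_require_tls=1
zmcontrol restart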
Install Letsencrypt Cert Zimbra
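# -----RENEWAL START HERE------
# Confirm certbot is installed.
sudo certbot --version
# Stop the proxy and mailbox services before the standalone challenge, which
# needs to listen for the HTTP validation request itself.
sudo su - zimbra -c "zmproxyctl stop"
sudo su - zimbra -c "zmmailboxdctl stop"
# Contact address for the ACME account. "[email protected]" is how the page
# renders an obfuscated address; replace it with a real mailbox.
export EMAIL="[email protected]"
certbot certonly --standalone -d mail.rhomicom.com --preferred-challenges http --agree-tos -n -m "$EMAIL" --keep-until-expiring
ls -lh /etc/letsencrypt/live/mail.rhomicom.com/

# -p makes this a no-op when the directory already exists.
sudo mkdir -p /opt/zimbra/ssl/letsencrypt #NOT NEEDED IN RENEWAL

CERTPATH=/etc/letsencrypt/live/mail.rhomicom.com
# The leading backslash bypasses any shell alias defined for cp.
sudo \cp -rf "$CERTPATH"/* /opt/zimbra/ssl/letsencrypt/
ls /opt/zimbra/ssl/letsencrypt/
# Start zimbra_chain.pem from the chain file issued by certbot.
cat "$CERTPATH/chain.pem" | sudo tee /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem

#ADD THE LETSENCRYPT CERT
# The certificate appended below is the "DST Root CA X3" root. Its encoded
# validity ends on 2021-09-30, so chain verification built on it is expected
# to fail after that date. Check it with
#   openssl x509 -noout -subject -enddate
# and append the root that the current chain.pem actually leads to.
# The PEM BEGIN/END delimiters, which the rendered page had truncated, are
# written in full here.
sudo tee -a /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem <<'EOF'
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
EOF

cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
ls -lha /opt/zimbra/ssl/letsencrypt/
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
# NOTE(review): this gives the zimbra service account ownership of every
# certbot private key, the ACME account key and the renewal configuration that
# root later acts on. It is presumably here so the zimbra user can read the
# key through the symlinks created below; copying the live files with
# "cp -L" into /opt/zimbra/ssl/letsencrypt/ and leaving /etc/letsencrypt
# root-owned would avoid widening access. Confirm before changing.
sudo chown -R zimbra:zimbra /etc/letsencrypt/
cd /opt/zimbra/ssl/letsencrypt
ls -halt
# Point the working directory's file names at certbot's live certificate files.
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/cert.pem cert.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/chain.pem chain.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/fullchain.pem fullchain.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/privkey.pem privkey.pem
ls -halt
cat cert.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
# Check that key, certificate and chain belong together before deploying.
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
# Timestamped backup of the current certificate directory. The format string
# on the page was "+%Y%.m%.d-%H.%M", which does not expand month and day.
sudo cp -a /opt/zimbra/ssl/zimbra "/opt/zimbra/ssl/zimbra.$(date "+%Y.%m.%d-%H.%M")"
# The backup and commercial.key both hold private key material; keep them
# readable by the zimbra user only.
sudo cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
sudo su - zimbra -c "zmcontrol restart"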