Difference between revisions of "Zimbra Setups"

Line 73: Line 73:
 
   zmcontrol stop
 
   zmcontrol stop
 
   zmlocalconfig -s ldap_root_password
 
   zmlocalconfig -s ldap_root_password
   /opt/zimbra/openldap/sbin/slappasswd -s Y0uRP4S5w0Rd
+
   /opt/zimbra/common/sbin/slappasswd -s Y0uRP4S5w0Rd
 
   #sample output - {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
 
   #sample output - {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
 
   cd /opt/zimbra/data/ldap/config/cn=config
 
   cd /opt/zimbra/data/ldap/config/cn=config
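Review bot: The updated `slappasswd -s Y0uRP4S5w0Rd` line still passes the new LDAP root password as a command-line argument, so it is saved in shell history and visible in the process list while the command runs. Running `/opt/zimbra/common/sbin/slappasswd` without `-s` makes the tool prompt for the secret instead. It would also help to add a comment such as `# Y0uRP4S5w0Rd is a sample value - never reuse it`, since the sample is easy to copy verbatim. The procedure this line belongs to continues outside the hunk.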
Line 90: Line 90:
 
  zmlocalconfig -e ldap_common_require_tls=1
 
  zmlocalconfig -e ldap_common_require_tls=1
 
  zmcontrol restart
 
  zmcontrol restart
 +
 +
==Install Letsencrypt Cert Zimbra ==
 +
-----RENEWAL START HERE------
 +
sudo certbot --version
 +
sudo su - zimbra -c "zmproxyctl stop"
 +
sudo su - zimbra -c "zmmailboxdctl stop"
 +
export EMAIL="[email protected]"
 +
certbot certonly --standalone  -d mail.rhomicom.com  --preferred-challenges http  --agree-tos  -n  -m $EMAIL  --keep-until-expiring
 +
ls -lh /etc/letsencrypt/live/mail.rhomicom.com/
 +
 +
sudo mkdir /opt/zimbra/ssl/letsencrypt  #NOT NEEDED IN RENEWAL
 +
 +
CERTPATH=/etc/letsencrypt/live/mail.rhomicom.com
 +
sudo \cp -rf $CERTPATH/* /opt/zimbra/ssl/letsencrypt/
 +
ls /opt/zimbra/ssl/letsencrypt/
 +
cat $CERTPATH/chain.pem | sudo tee /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
 +
cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
 +
 +
#ADD THE LETSENCRYPT CERT
 +
sudo tee -a /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem<<EOF
 +
-----BEGIN CERTIFICATE-----
 +
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
 +
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
 +
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
 +
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
 +
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
 +
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
 +
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
 +
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
 +
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
 +
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
 +
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
 +
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
 +
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
 +
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
 +
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
 +
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
 +
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
 +
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
 +
-----END CERTIFICATE-----
 +
EOF
 +
 +
cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
 +
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
 +
ls -lha /opt/zimbra/ssl/letsencrypt/
 +
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
 +
sudo chown -R zimbra:zimbra /etc/letsencrypt/
 +
cd /opt/zimbra/ssl/letsencrypt
 +
ls -halt
 +
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/cert.pem cert.pem
 +
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/chain.pem chain.pem
 +
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/fullchain.pem fullchain.pem
 +
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/privkey.pem privkey.pem
 +
ls -halt
 +
cat cert.pem
 +
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
 +
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
 +
sudo cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%.m%.d-%H.%M")
 +
sudo cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
 +
sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
 +
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
 +
sudo su - zimbra -c "zmcontrol restart"
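Review bot: `sudo chown -R zimbra:zimbra /etc/letsencrypt/` gives the zimbra service account ownership of the entire certbot tree (account keys, renewal configuration and every private key), although certbot itself is run as root. If zimbra only needs to read the issued files, copying them with `sudo cp -L "$CERTPATH"/*.pem /opt/zimbra/ssl/letsencrypt/` and dropping the four `ln -sf` lines and this chown would keep /etc/letsencrypt root-owned; this should be confirmed on a test host. The certificate appended through the heredoc appears to be DST Root CA X3, whose encoded notAfter is 30 September 2021, so `verifycrt` will presumably fail once it expires, and a comment naming the root and its expiry would make that visible. In the backup line the format `"+%Y%.m%.d-%H.%M"` has the dots misplaced and was probably meant to be `date "+%Y.%m.%d-%H.%M"`.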

Revision as of 18:59, 29 August 2021

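 # Base OS preparation and Zimbra 8.8.10 install on CentOS 7 (run as root).
 # This is an operator runbook: several steps (reboot, exec bash, install.sh)
 # are interactive, so run it step by step rather than as one script.

 # Unprivileged login account for day-to-day access.
 adduser rhouser
 passwd rhouser

 # Patch the OS before installing anything; the reboot ends the session.
 yum update -y ; reboot
 yum -y install which openssh openssh-server openssh-clients openssl-libs nano rsync unzip net-tools NetworkManager-tui sysstat perl-core libaio nmap-ncat libstdc++.so.6 wget tar bind-utils
 yum install psmisc
 #Install and configure firewall-cmd
 hostnamectl set-hostname "mail.rhomicom.com"
 exec bash
 # nano /etc/hosts
 # 192.168.0.108 mail.rhomicom.com mail

 echo 'mail.rhomicom.com' > /etc/hostname
 echo '127.0.0.1 mail.rhomicom.com mail' >> /etc/hosts
 hostname mail.rhomicom.com
 hostname --fqdn

 # Do all DNS settings and MX records on Domain Registrar's DNS
 dig -t A mail.rhomicom.com
 dig -t MX rhomicom.com

 #Install Let'sencrypt CentOS7
 yum install epel-release
 yum install certbot

 # Download the installer with TLS certificate verification left ON: the
 # archive is unpacked and executed as root, so an unauthenticated download
 # would let anyone on the network path substitute it. If verification
 # fails, fix the host's CA bundle instead of disabling the check, and
 # compare the archive with the vendor-published checksum before unpacking.
 wget https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
 tar zxpvf zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
 cd zcs-8.8.10_GA_3039.RHEL7_64.20180928094617

 ./install.sh
 #Answer Y to all options
 # Answer Yes to Create Domain
 # enter domain rhomicom.com
 # enter MX mail.rhomicom.com
 # Unconfigured Modules, Choose 7
 # Choose 4 to set admin password
 # choose r to go back
 # choose a to apply all settings
 # Wait for system to complete configuration and login

 # Service control, always as the zimbra user.
 su - zimbra -c "zmcontrol start"
 su - zimbra -c "zmcontrol stop"
 su - zimbra -c "zmcontrol status"
 su - zimbra -c "zmcontrol restart"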

Uninstall

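 # Uninstall: run the installer with -u from the directory it was unpacked in.
 # The pasted shell-prompt fragment was dropped from the second command, and
 # the '&&' stops install.sh from running in some other directory if cd fails.
 cd /root/zimbra/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617 &&
   ./install.sh -u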

Move from Old to New Server

 # Migration runbook: archive /opt/zimbra on the old host, restore it over a
 # fresh install of the same ZCS version on the new host, then repair
 # permissions, certificates and the LDAP root password.
 # Steps after "su - zimbra" are typed into the resulting interactive shell.
 # On Old Server
 # The archive holds the whole /opt/zimbra tree, which on this page includes
 # the LDAP store (data/ldap) and TLS private keys (ssl/): keep it
 # access-restricted and delete it from both hosts after the move.
 tar -czvf zimbkp29Aug2021-17-39.tar.gz /opt/zimbra/
 # On New Server
 # Install Same version of ZCS
 # The user@host part of the rsync source is obfuscated on this page;
 # substitute the old server's account and address.
 rsync -avH [email protected]:/home/rhouser/*.t*z --progress --human-readable /home/rhouser
 tar -xzvf zimbkp29Aug2021-17-39.tar.gz
 # Move the freshly installed tree aside, then put the restored one in place
 # (the archive extracts to a relative opt/zimbra under the current directory).
 mv /opt/zimbra /home
 mv opt/zimbra /opt
 /opt/zimbra/libexec/zmfixperms -e -v  # as root
 postfix check
 # Temporarily switch to a self-signed cert to avoid some SSL/TLS errors.
 # -days 3650 makes it valid for about ten years, so replace it with the
 # CA-issued certificate as soon as the migration is finished.
 /opt/zimbra/bin/zmcertmgr createcrt -new -days 3650
 /opt/zimbra/bin/zmcertmgr deploycrt self
 # Alternatively you may disable TLS Connections temporarily
 # While these settings are in effect LDAP traffic, including binds, is not
 # required to use TLS and untrusted certificates are accepted; keep the
 # window short and revert with the "Enable TLS" block below.
 su - zimbra 
 zmlocalconfig -e ssl_allow_untrusted_certs=true 
 zmlocalconfig -e ldap_starttls_supported=0
 zmlocalconfig -e ldap_starttls_required=false
 zmlocalconfig -e ldap_common_require_tls=0
 zmcontrol restart
 # Validate LDAP Configuration: make the root password stored in cn=config
 # match the one held in localconfig.
  su - zimbra
  zmcontrol stop
  # Prints the stored LDAP root password in clear text on the terminal.
  zmlocalconfig -s ldap_root_password
  # Y0uRP4S5w0Rd is a sample value. With -s the password is a command-line
  # argument (shell history, process list); without -s slappasswd prompts.
  /opt/zimbra/common/sbin/slappasswd -s Y0uRP4S5w0Rd
  #sample output - {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
  cd /opt/zimbra/data/ldap/config/cn=config
  vi olcDatabase={0}config.ldif
  # Change olcRootPW:: e1NTSEE112123gblVeVJ2UjU3UE1512312366jjkj128080as2bDQ5eVgxNXhWSlFPUWhTQmxhQ1d4L1RaNWdsdVRsWWJyRXJDcTA4V0Y0YVRYOE5ma23451wR3A1QytBZUZocEZ1
  # to  olcRootPw: {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
  # (single colon: the new value is the plain {SSHA} string produced above)
  zmcontrol start
  # or reboot PC
  # and re-run zcs install
  ./install.sh
# Enable TLS Connections after install if they were disabled
# NOTE(review): the next setting leaves ssl_allow_untrusted_certs=true, the
# same value as the "disable" block above, so untrusted certificates stay
# accepted after TLS is re-enabled. Confirm whether it should be set back to
# false once a trusted certificate is deployed.
su - zimbra 
zmlocalconfig -e ssl_allow_untrusted_certs=true 
zmlocalconfig -e ldap_starttls_supported=1
zmlocalconfig -e ldap_starttls_required=true
zmlocalconfig -e ldap_common_require_tls=1
zmcontrol restart

Install Letsencrypt Cert Zimbra


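# Issue (or renew) a Let's Encrypt certificate for mail.rhomicom.com and
# deploy it to Zimbra. Operator runbook: run step by step on the mail host.
# The wiki rendering had collapsed these commands onto single lines and
# stripped the leading dashes and '#'; they are restored one per line here.

# ----- RENEWAL START HERE -----
sudo certbot --version
# Stop the services first; presumably because certbot --standalone must bind
# the HTTP port itself for the http challenge.
sudo su - zimbra -c "zmproxyctl stop"
sudo su - zimbra -c "zmmailboxdctl stop"
# The address is obfuscated on this page; substitute the real contact address.
export EMAIL="[email protected]"
certbot certonly --standalone -d mail.rhomicom.com --preferred-challenges http --agree-tos -n -m "$EMAIL" --keep-until-expiring
ls -lh /etc/letsencrypt/live/mail.rhomicom.com/

sudo mkdir /opt/zimbra/ssl/letsencrypt #NOT NEEDED IN RENEWAL

CERTPATH=/etc/letsencrypt/live/mail.rhomicom.com
sudo \cp -rf "$CERTPATH"/* /opt/zimbra/ssl/letsencrypt/
ls /opt/zimbra/ssl/letsencrypt/
# Start zimbra_chain.pem from the intermediate chain that certbot delivered.
sudo tee /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem < "$CERTPATH/chain.pem"
cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem

# ADD THE LETSENCRYPT CERT
# NOTE(review): the certificate below appears to be DST Root CA X3, whose
# encoded notAfter is 30 September 2021. After that date it can no longer
# anchor the chain; append the root that the current chain.pem actually
# chains to, and record its name and expiry here.
# The delimiter is quoted so the shell never expands anything in the body.
sudo tee -a /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem <<'EOF'
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
EOF

cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
ls -lha /opt/zimbra/ssl/letsencrypt/
# NOTE(review): this makes the zimbra service account the owner of the whole
# certbot tree (account keys, renewal configuration, every private key),
# while certbot itself is run as root. It is kept because the symlinks
# created below point into /etc/letsencrypt and zmcertmgr runs as zimbra.
# Prefer copying the real files into /opt/zimbra/ssl/letsencrypt and leaving
# /etc/letsencrypt root-owned; confirm on a test host before changing.
sudo chown -R zimbra:zimbra /etc/letsencrypt/
cd /opt/zimbra/ssl/letsencrypt
ls -halt
# Replace the copied entries with absolute symlinks to the live files.
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/cert.pem cert.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/chain.pem chain.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/fullchain.pem fullchain.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/privkey.pem privkey.pem
ls -halt
cat cert.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
# Verify key, certificate and chain together before touching the live config.
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
# Timestamped backup of the current certificate directory. The format string
# was "+%Y%.m%.d-%H.%M", which has the dots misplaced; fixed to
# year.month.day-hour.minute.
sudo cp -a /opt/zimbra/ssl/zimbra "/opt/zimbra/ssl/zimbra.$(date "+%Y.%m.%d-%H.%M")"
# commercial.key is the TLS private key: check after the copy that only the
# zimbra user can read it.
sudo cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
sudo su - zimbra -c "zmcontrol restart"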