Difference between revisions of "Zimbra Setups"

Line 92: Line 92:
  
 
==Install Letsencrypt Cert Zimbra ==
 
==Install Letsencrypt Cert Zimbra ==
-----RENEWAL START HERE------
 
 
sudo certbot --version
 
sudo certbot --version
 
sudo su - zimbra -c "zmproxyctl stop"
 
sudo su - zimbra -c "zmproxyctl stop"

Revision as of 19:00, 29 August 2021

 # Prepare the CentOS 7 host: create a login user, update and install packages,
 # set the hostname, check DNS and install certbot.
 adduser rhouser
 # passwd prompts interactively for the new account's password.
 passwd rhouser
 
 # The reboot ends the session; continue from the next line after logging back in.
 yum update -y ; reboot
 yum -y install which openssh openssh-server openssh-clients openssl-libs nano rsync unzip net-tools NetworkManager-tui sysstat perl-core libaio nmap-ncat libstdc++.so.6 wget tar bind-utils -y 
 yum install psmisc 
 # NOTE(review): no firewall commands are given for this step. Decide which
 # ports the mail server must expose and configure them before the host is
 # reachable from the Internet.
 #Install and configure firewall-cmd
 hostnamectl set-hostname "mail.rhomicom.com"
 # Replaces the current shell with a new bash (presumably so the prompt shows
 # the new hostname).
 exec bash
# nano /etc/hosts
# 192.168.0.108 mail.rhomicom.com mail

echo 'mail.rhomicom.com' > /etc/hostname
# ">>" appends, so running this line twice leaves a duplicate entry.
# NOTE(review): the commented example above maps the name to 192.168.0.108,
# while this line maps it to loopback - confirm which one the installer expects.
echo '127.0.0.1 mail.rhomicom.com mail' >> /etc/hosts
hostname mail.rhomicom.com
# Prints the fully qualified name so the change can be checked.
hostname --fqdn

# Do all DNS settings and MX records on Domain Registrar's DNS
dig -t A mail.rhomicom.com
dig -t MX rhomicom.com

#Install Let'sencrypt CentOS7
yum install epel-release
yum install certbot

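# Download the ZCS 8.8.10 installer, unpack it and enter the extracted directory.
# TLS certificate verification stays enabled (no --no-check-certificate): the
# archive contains install.sh, which is run as root, so a download that cannot
# be authenticated must fail rather than be accepted. If wget rejects the
# certificate, update the system CA bundle (yum update ca-certificates)
# instead of disabling the check.
wget https://files.zimbra.com/downloads/8.8.10_GA/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
# Print the archive digest and compare it with the value published by the
# vendor (<SHA256_FROM_VENDOR>) before unpacking.
sha256sum zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
tar zxpvf zcs-8.8.10_GA_3039.RHEL7_64.20180928094617.tgz
cd zcs-8.8.10_GA_3039.RHEL7_64.20180928094617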

# Run the interactive ZCS installer from the extracted directory; the comment
# lines below record the answers to give at its prompts.
./install.sh
#Answer Y to all options
# Answer Yes to Create Domain 
# enter domain rhomicom.com
# enter MX mail.rhomicom.com
# Unconfigured Modules, Choose 7
# The admin password set here protects the whole mail system; use a long,
# unique value and keep it out of shell history and notes.
# Choose 4 to set admin password
# choose r to go back
# choose a to apply all settings
# Wait for system to complete configuration and login
# Service control commands, each run as the zimbra user. Presumably listed as
# a reference; run top to bottom they start, stop, report on and restart the
# services.
su - zimbra -c "zmcontrol start"
su - zimbra -c "zmcontrol stop"
su - zimbra -c "zmcontrol status"
su - zimbra -c "zmcontrol restart"

Uninstall

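 # Uninstall ZCS: run the installer with -u from the directory it was unpacked in.
 # The shell prompt text that was pasted in front of the second command has
 # been removed so the line can be run as written.
 cd /root/zimbra/zcs-8.8.10_GA_3039.RHEL7_64.20180928094617
 ./install.sh -u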

Move from Old to New Server

 # Move the Zimbra data from the old server to a freshly installed new one.
 # NOTE(review): the archive holds everything under /opt/zimbra, which per the
 # paths used later on this page includes the LDAP data and the TLS private
 # keys. Keep it readable by root only and delete the copies once the move is
 # verified.
 # NOTE(review): the page does not stop Zimbra before archiving; a copy taken
 # from a running server may be inconsistent - confirm.
 # On Old Server
 tar -czvf zimbkp29Aug2021-17-39.tar.gz /opt/zimbra/
 # On New Server
 # Install Same version of ZCS
 # NOTE(review): "[email protected]" appears to be the site's e-mail masking
 # of the original user@host; substitute the login and address of the old server.
 rsync -avH [email protected]:/home/rhouser/*.t*z --progress --human-readable /home/rhouser
 # The relative opt/zimbra used by the second mv below is the tree this tar
 # extracts under the current directory (presumably /home/rhouser).
 tar -xzvf zimbkp29Aug2021-17-39.tar.gz
 # Move the fresh install aside (it becomes /home/zimbra), then put the
 # restored tree in its place.
 mv /opt/zimbra /home
 mv opt/zimbra /opt
 /opt/zimbra/libexec/zmfixperms -e -v  # as root
 postfix check
 #temporarily switch to self-signed cert to avoid some SSL/TLS errors
 # -days 3650 gives this stopgap certificate a lifetime of about ten years;
 # replace it with the CA-issued one (see the Let's Encrypt section) rather
 # than leaving it deployed.
 /opt/zimbra/bin/zmcertmgr createcrt -new -days 3650
 /opt/zimbra/bin/zmcertmgr deploycrt self
 # Alternatively you may disable TLS Connections temporarily
 # NOTE(review): the four settings below make Zimbra accept untrusted
 # certificates and turn STARTTLS off for LDAP. Treat them as a short-lived
 # workaround and revert all four, including ssl_allow_untrusted_certs, as
 # soon as the migration is done.
 # su opens an interactive zimbra shell; the lines that follow are typed inside it.
 su - zimbra 
 zmlocalconfig -e ssl_allow_untrusted_certs=true 
 zmlocalconfig -e ldap_starttls_supported=0
 zmlocalconfig -e ldap_starttls_required=false
 zmlocalconfig -e ldap_common_require_tls=0
 zmcontrol restart
 #Validate LDAP Configuration
  su - zimbra
  zmcontrol stop
  # -s prints the stored LDAP root password in clear text on the terminal.
  zmlocalconfig -s ldap_root_password
  # NOTE(review): slappasswd -s takes the password as a command-line argument,
  # which exposes it in the process list and in shell history. Running
  # slappasswd without -s prompts for it instead.
  /opt/zimbra/common/sbin/slappasswd -s Y0uRP4S5w0Rd
  #sample output - {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
  cd /opt/zimbra/data/ldap/config/cn=config
  # Manual edit: replace the stored root password value with the hash printed
  # by slappasswd above.
  vi olcDatabase={0}config.ldif
  #CHange olcRootPW:: e1NTSEE112123gblVeVJ2UjU3UE1512312366jjkj128080as2bDQ5eVgxNXhWSlFPUWhTQmxhQ1d4L1RaNWdsdVRsWWJyRXJDcTA4V0Y0YVRYOE5ma23451wR3A1QytBZUZocEZ1
  # to  olcRootPw: {SSHA}SXzTa82PbLST97854mZOp746PBLA2378
  zmcontrol start
  # or reboot PC
  # and re-run zcs install
  ./install.sh
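# Enable TLS Connections after install if they were disabled
# Reverts every setting changed by the temporary "disable TLS" step.
# ssl_allow_untrusted_certs is set back to false here: leaving it at true
# would keep Zimbra accepting untrusted certificates after TLS is re-enabled.
# su opens an interactive zimbra shell; the lines that follow are typed inside it.
su - zimbra 
zmlocalconfig -e ssl_allow_untrusted_certs=false
zmlocalconfig -e ldap_starttls_supported=1
zmlocalconfig -e ldap_starttls_required=true
zmlocalconfig -e ldap_common_require_tls=1
zmcontrol restart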

Install Letsencrypt Cert Zimbra

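# Obtain (or renew) the Let's Encrypt certificate for mail.rhomicom.com and
# stage a copy under /opt/zimbra/ssl/letsencrypt. The commands are restored
# to one per line; joined on a single line they do not run as intended.
sudo certbot --version
# certbot --standalone runs its own temporary web server for the HTTP
# challenge, so the Zimbra proxy and mailbox services are stopped first.
sudo su - zimbra -c "zmproxyctl stop"
sudo su - zimbra -c "zmmailboxdctl stop"
# The address below is masked on the page; put the real contact address here.
export EMAIL="[email protected]"
certbot certonly --standalone -d mail.rhomicom.com --preferred-challenges http --agree-tos -n -m "$EMAIL" --keep-until-expiring
ls -lh /etc/letsencrypt/live/mail.rhomicom.com/

# -p makes this a no-op when the directory already exists, so it is safe to
# leave in during a renewal.
sudo mkdir -p /opt/zimbra/ssl/letsencrypt #NOT NEEDED IN RENEWAL

# CERTPATH is assigned on its own line: as a prefix to the sudo command it
# would not be set yet when the shell expands $CERTPATH in the arguments.
CERTPATH=/etc/letsencrypt/live/mail.rhomicom.com
# \cp bypasses any interactive alias for cp.
sudo \cp -rf "$CERTPATH"/* /opt/zimbra/ssl/letsencrypt/
ls /opt/zimbra/ssl/letsencrypt/
# tee without -a rewrites zimbra_chain.pem from chain.pem on every run.
cat "$CERTPATH/chain.pem" | sudo tee /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem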

  1. ADD THE LETSENCRYPT CERT

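# Append the root CA certificate to the chain file that zmcertmgr is given later.
# The PEM armour lines and the 64-character line breaks are restored; without
# the leading dashes and line structure the block is not a valid PEM certificate.
# The heredoc delimiter is quoted so the shell copies the text literally.
# NOTE(review): the encoded subject of this certificate is "DST Root CA X3"
# and its validity ends on 2021-09-30. Before reusing this step after that
# date, check which root the issued chain ends in
# (openssl x509 -noout -subject -issuer -enddate -in <file>) and append that
# root instead; an expired root here is likely to make zmcertmgr verifycrt fail.
sudo tee -a /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem <<'EOF'
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
EOF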

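# Verify the staged key, certificate and chain, back up the current Zimbra
# certificate directory, deploy the new certificate and restart Zimbra.
# The commands are restored to one per line; joined on a single line they do
# not run as intended.
cat /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
ls -lha /opt/zimbra/ssl/letsencrypt/
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
# NOTE(review): this hands the whole certbot tree to the zimbra account,
# including every private key stored under it. It is presumably needed because
# the links created below point into /etc/letsencrypt/live. Copying only the
# files Zimbra needs and leaving /etc/letsencrypt owned by root would expose
# less - confirm before changing.
sudo chown -R zimbra:zimbra /etc/letsencrypt/
cd /opt/zimbra/ssl/letsencrypt
ls -halt
# Replace the staged copies with links to the live certbot files.
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/cert.pem cert.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/chain.pem chain.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/fullchain.pem fullchain.pem
ln -sf /etc/letsencrypt/live/mail.rhomicom.com/privkey.pem privkey.pem
ls -halt
cat cert.pem
sudo chown -R zimbra:zimbra /opt/zimbra/ssl/letsencrypt/
# Check key, certificate and chain together before anything is deployed;
# stop here if this reports an error.
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
# Timestamped backup of the current certificate directory. The date format is
# corrected to %Y.%m.%d-%H.%M; the original "%Y%.m%.d" is not a valid month/day
# conversion, so the backup name would not carry the month and day.
sudo cp -a /opt/zimbra/ssl/zimbra "/opt/zimbra/ssl/zimbra.$(date "+%Y.%m.%d-%H.%M")"
# zmcertmgr is not given the key path for deploycrt below, so the private key
# is copied to the commercial.key location first.
sudo cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
sudo su - zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/letsencrypt/cert.pem /opt/zimbra/ssl/letsencrypt/zimbra_chain.pem'
sudo su - zimbra -c "zmcontrol restart"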