Trong bài trước BKNS đã hướng dẫn các bạn cài đặt SSL trả phí cho Mail Zimbra, các bạn có thể tham khảo chi tiết tại đây nhé.
Còn bài này sẽ đề cập đến các bước cài đặt SSL miễn phí cho Mail Zimbra, các bạn có thể tiến hành cài đặt theo các bước sau:
Bước 1: Tạm dừng Service Mail
|
1 2 3 |
su - zimbra zmcontrol stop exit |
|
1 2 3 |
yum install git -y cd /opt/ git clone https://github.com/certbot/certbot |
|
1 2 |
cd /opt/certbot/ ./letsencrypt-auto certonly --standalone |
|
1 2 |
cd /etc/letsencrypt/live/chanhblog.tk ls -la |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
-----BEGIN CERTIFICATE----- MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ -----END CERTIFICATE----- |
|
1 2 3 |
mkdir -p /opt/zimbra/ssl/letsencrypt cp /etc/letsencrypt/live/$domain/* /opt/zimbra/ssl/letsencrypt/ chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/ |
|
1 2 3 |
su - zimbra cd /opt/zimbra/ssl/letsencrypt /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem |
Bước 5: Deploy Let’s Encrypt SSL certificate mới, lệnh bên dưới sử dụng với quyền user root
|
1 |
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date "+%Y%m%d") |
|
1 2 |
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key |
|
1 2 3 |
su - zimbra cd /opt/zimbra/ssl/letsencrypt /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem |
|
1 |
zmcontrol restart |
