- Actualizamos e instalamos
- Debe seer snap para que permita certbot certonly –standalone -d correo.siua.ac.cr –force-renewal –preferred-chain «ISRG Root X1»
- Si tratamos de instalar snap y no da el error
- https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate
- https://www.netntw.com/archivos/679
- https://www.youtube.com/watch?v=ct0Q2RVBvAA
error: system does not fully support snapd: cannot mount squashfs image using "squashfs": mount:
HADES
- Debemos hacer la modificación en el archivo de configuración de la MV en PROXMOX
nano /etc/pve/lxc/140.conf
features: fuse=1,mount=fuse,nesting=1
y esto
lxc.mount.auto: cgroup:rw
lxc.mount.auto: sys:rw
arch: amd64
cores: 4
features: fuse=1,mount=fuse,nesting=1
hostname: correo
memory: 8192
nameserver: 127.0.0.1
net1: name=eth1,bridge=vmbr0,gw=181.193.87.1,hwaddr=8E:8F:73:63:8B:C1,ip=181.193.87.9/28,tag=111,type=v>
onboot: 1
ostype: ubuntu
rootfs: STN01-VM:140/vm-140-disk-0.raw,size=50G
searchdomain: siua.ac.cr
swap: 8192
unprivileged: 1
lxc.mount.auto: cgroup:rw
lxc.mount.auto: sys:rw
CORREO
sudo apt update
sudo apt install squashfuse fuse squashfs-tools
sudo apt install snap snapd
sudo snap install core
sudo snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/cerbot
certbot --version
#Resultado
certbot 0.27.0
sudo su - zimbra -c "zmproxyctl stop"
sudo su - zimbra -c "zmmailboxdctl stop"
certbot certonly --standalone -d correo.siua.ac.cr --force-renewal --preferred-chain "ISRG Root X1"
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewing an existing certificate for correo.siua.ac.cr
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/correo.siua.ac.cr/fullchain.pem
Key is saved at: /etc/letsencrypt/live/correo.siua.ac.cr/privkey.pem
This certificate expires on 2022-09-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- Donde:
- cert.pem: es el certificado
- fullchain.pem esl a unión cert.pem + chain.pem
- privkey.pem es la lave privada (Recuerde que esto es solo para usted)
- Ahora como usuario root
cp /etc/letsencrypt/live/correo.siua.ac.cr/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
cat /tmp/ISRG-X1.pem >> /etc/letsencrypt/live/correo.siua.ac.cr/chain.pem
//Permisos
chmod 777 -R /etc/letsencrypt/
- Para mantener los permisos
sudo apt install acl
sudo setfacl -R -m u:zimbra:rwx /etc/letsencrypt/
- Ahora como usuario zimbra
sudo su zimbra
- Revisamos que los servicios esten apagados
zmproxyctl stop
zmmailboxdctl stop
cd ~
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/correo.siua.ac.cr/cert.pem /etc/letsencrypt/live/correo.siua.ac.cr/chain.pem
** Verifying '/etc/letsencrypt/live/correo.siua.ac.cr/cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/etc/letsencrypt/live/correo.siua.ac.cr/cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/etc/letsencrypt/live/correo.siua.ac.cr/cert.pem' against '/etc/letsencrypt/live/correo.siua.ac.cr/chain.pem'
Valid certificate chain: /etc/letsencrypt/live/correo.siua.ac.cr/cert.pem: OK
/opt/zimbra/bin/zmcertmgr deploycrt comm /etc/letsencrypt/live/correo.siua.ac.cr/cert.pem /etc/letsencrypt/live/correo.siua.ac.cr/chain.pem
** Verifying '/etc/letsencrypt/live/correo.siua.ac.cr/cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/etc/letsencrypt/live/correo.siua.ac.cr/cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/etc/letsencrypt/live/correo.siua.ac.cr/cert.pem' against '/etc/letsencrypt/live/correo.siua.ac.cr/chain.pem'
Valid certificate chain: /etc/letsencrypt/live/correo.siua.ac.cr/cert.pem: OK
** Copying '/etc/letsencrypt/live/correo.siua.ac.cr/cert.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Copying '/etc/letsencrypt/live/correo.siua.ac.cr/chain.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
** Appending ca chain '/etc/letsencrypt/live/correo.siua.ac.cr/chain.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt'
** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer correo.siua.ac.cr...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer correo.siua.ac.cr...ok
** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/conf/imapd.keystore'
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/e5f800d1.0
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink 'e5f800d1.0' -> 'ca.pem'
** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '8d33f237.0' -> 'commercial_ca_1.crt'
** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink '4042bcee.0' -> 'commercial_ca_2.crt'
zmcontrol restart
Cambiar logo zimbra
- Primero debemos hacer las imagenes en las medidas
- 440×60 pixels – Logo del pagina de login
- 200×35 pixels – Logo cuando ya se esta logeado (top left corner)
- Descargamos: aquí
- Ahora se recomienda almacenar los logos en otra parte que puedan ser accedidos de forma remota para cuando se actualice el sistema estos no se remplacen
su - zimbra
zmprov md siua.ac.cr zimbraSkinLogoURL https://correo.siua.ac.cr
zmprov md siua.ac.cr zimbraSkinLogoLoginBanner http://proxy.siua.ac.cr/logos_zimbra/correo_login.png
zmprov md siua.ac.cr zimbraSkinLogoAppBanner http://proxy.siua.ac.cr/logos_zimbra/correo_app.png
zmmailboxdctl restart