{"id":3743,"date":"2020-09-03T09:35:40","date_gmt":"2020-09-03T15:35:40","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=3743"},"modified":"2020-09-03T11:33:20","modified_gmt":"2020-09-03T17:33:20","slug":"zimbra-8-8-parte-iv-letsencrypt","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=3743","title":{"rendered":"Zimbra 8.8. Part IV. (Letsencrypt)"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>We install git<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>apt-get install git -y<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>The first step is to stop the nginx or jetty service, because Let\u2019s Encrypt communicates over port 443 to generate the SSL certificate.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>su zimbra\nzmproxyctl stop\nzmmailboxdctl stop<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We change to the \/tmp directory<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/tmp<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We clone the project<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>git clone https:\/\/github.com\/letsencrypt\/letsencrypt\ncd letsencrypt<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>In this example we run Let\u2019s Encrypt automatically with the certonly option, which generates the files we need so that we can install them in Zimbra afterwards, since it currently cannot install them into Zimbra directly.<\/li><li>The first time it runs, the letsencrypt environment downloads the dependencies it needs from the repositories; this can take a few minutes.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/letsencrypt-auto certonly --standalone<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>The process asks for an email address to use in an emergency or to recover a private key if necessary<\/li><\/ul>\n\n\n\n<figure
class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"639\" height=\"49\" src=\"\/wp-content\/uploads\/2020\/09\/Seleccion_063.png\" alt=\"\" class=\"wp-image-3747\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2020\/09\/Seleccion_063.png 639w, https:\/\/sada.services\/wp-content\/uploads\/2020\/09\/Seleccion_063-300x23.png 300w\" sizes=\"(max-width: 639px) 100vw, 639px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>The process also asks whether we agree to the Terms of Service<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"718\" height=\"118\" src=\"\/wp-content\/uploads\/2020\/09\/Seleccion_064.png\" alt=\"\" class=\"wp-image-3748\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2020\/09\/Seleccion_064.png 718w, https:\/\/sada.services\/wp-content\/uploads\/2020\/09\/Seleccion_064-300x49.png 300w\" sizes=\"(max-width: 718px) 100vw, 718px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>It asks whether we want to share our email address: NO<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"742\" height=\"124\" src=\"\/wp-content\/uploads\/2020\/09\/Seleccion_065.png\" alt=\"\" class=\"wp-image-3750\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2020\/09\/Seleccion_065.png 742w, https:\/\/sada.services\/wp-content\/uploads\/2020\/09\/Seleccion_065-300x50.png 300w\" sizes=\"(max-width: 742px) 100vw, 742px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>The last step is to enter the FQDN we want to protect; in my case it is correo.siua.ac.cr:<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"724\" height=\"42\" src=\"\/wp-content\/uploads\/2020\/09\/Seleccion_066.png\" alt=\"\" class=\"wp-image-3752\" srcset=\"https:\/\/sada.services\/wp-content\/uploads\/2020\/09\/Seleccion_066.png 724w,
https:\/\/sada.services\/wp-content\/uploads\/2020\/09\/Seleccion_066-300x17.png 300w\" sizes=\"(max-width: 724px) 100vw, 724px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>If the process succeeds, you will get<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Obtaining a new certificate\nPerforming the following challenges:\nhttp-01 challenge for correo.siua.ac.cr\nWaiting for verification...\nCleaning up challenges\n\nIMPORTANT NOTES:\n - Congratulations! Your certificate and chain have been saved at:\n   \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/fullchain.pem\n   Your key file has been saved at:\n   \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/privkey.pem\n   Your cert will expire on 2020-12-02. To obtain a new or tweaked\n   version of this certificate in the future, simply run\n   letsencrypt-auto again. To non-interactively renew *all* of your\n   certificates, run \"letsencrypt-auto renew\"\n - Your account credentials have been saved in your Certbot\n   configuration directory at \/etc\/letsencrypt. You should make a\n   secure backup of this folder now.
This configuration directory will\n   also contain certificates and private keys obtained by Certbot so\n   making regular backups of this folder is ideal.\n - If you like Certbot, please consider supporting our work by:\n\n   Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n   Donating to EFF:                    https:\/\/eff.org\/donate-le\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>The generated certificates are now in the path<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ls \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Where:<ul><li><strong>cert.pem<\/strong>: is the certificate<\/li><li><strong>fullchain.pem<\/strong> is the concatenation cert.pem + chain.pem<\/li><li><strong>privkey.pem<\/strong> is the private key (remember that this is for you only)<\/li><\/ul><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Building the file with the Intermediate CA and the Root CA specifically for Zimbra<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Let\u2019s Encrypt is almost perfect, but Zimbra still has its own particular way of accepting SSL certificates: it needs a file containing the Intermediate CA and the Root CA. Let\u2019s Encrypt already generates chain.pem, which contains the Intermediate CA, but we also need to add the root after the Intermediate<\/li><li>So we open the following web address and copy its contents<\/li><li><a rel=\"noreferrer noopener\" href=\"https:\/\/letsencrypt.org\/certs\/trustid-x3-root.pem.txt\" target=\"_blank\">https:\/\/letsencrypt.org\/certs\/trustid-x3-root.pem.txt<\/a><\/li><li>Contents<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>-----BEGIN
CERTIFICATE-----\nMIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA\/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\nPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\nEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM\/IUmTrE4O\nrz5Iy2Xu\/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\nOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\nxiqKqy69cK3FCxolkHRyxXtqqzTWMIn\/5WgTe1QLyNau7Fqckh49ZLOMxt+\/yUFw\n7BZy1SbsOFU5Q9D8\/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\naeQQmxkqtilX4+U9m5\/wAl0CAwEAAaNCMEAwDwYDVR0TAQH\/BAUwAwEB\/zAOBgNV\nHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX\/xBVghYkQMA0GCSqG\nSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\nikugdB\/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\nAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\nR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir\/md2cXjbDaJWFBM5\nJDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\nOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\n-----END CERTIFICATE-----<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we open the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>And we paste the contents of the root above at the END of the chain (NOTE: THE ORDER IS IMPORTANT), so it ends up like this<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>-----BEGIN CERTIFICATE-----\nYOURCHAIN\n-----END CERTIFICATE-----\n-----BEGIN
CERTIFICATE-----\nMIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA\/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\nPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\nEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM\/IUmTrE4O\nrz5Iy2Xu\/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\nOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\nxiqKqy69cK3FCxolkHRyxXtqqzTWMIn\/5WgTe1QLyNau7Fqckh49ZLOMxt+\/yUFw\n7BZy1SbsOFU5Q9D8\/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\naeQQmxkqtilX4+U9m5\/wAl0CAwEAAaNCMEAwDwYDVR0TAQH\/BAUwAwEB\/zAOBgNV\nHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX\/xBVghYkQMA0GCSqG\nSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\nikugdB\/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\nAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\nR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir\/md2cXjbDaJWFBM5\nJDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\nOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\n-----END CERTIFICATE-----<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we copy the certificates to Zimbra<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/opt\/zimbra\/ssl\/letsencrypt\ncp \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/* \/opt\/zimbra\/ssl\/letsencrypt\/\nchown zimbra:zimbra \/opt\/zimbra\/ssl\/letsencrypt\/*\nls -la \/opt\/zimbra\/ssl\/letsencrypt\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we log in as the zimbra user and run<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>su zimbra\ncd \/opt\/zimbra\/ssl\/letsencrypt\/\n\/opt\/zimbra\/bin\/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>RESULT<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>**
Verifying 'cert.pem' against 'privkey.pem'\nCertificate 'cert.pem' and private key 'privkey.pem' match.\n** Verifying 'cert.pem' against 'chain.pem'\nValid certificate chain: cert.pem: OK<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now, before replacing the certificates, we back up the current ones<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cp -a \/opt\/zimbra\/ssl\/zimbra \/opt\/zimbra\/ssl\/zimbra.$(date \"+%Y%m%d\")<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Before deploying the SSL certificate, we need this small trick: copy the private key generated by Let\u2019s Encrypt to the path where Zimbra stores the commercial SSL certificate:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/opt\/zimbra\/ssl\/letsencrypt\/privkey.pem \/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key\nchown zimbra:zimbra \/opt\/zimbra\/ssl\/zimbra\/commercial\/*<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now, as the zimbra user, we install the certificate<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>su zimbra\ncd \/opt\/zimbra\/ssl\/letsencrypt\/\n\/opt\/zimbra\/bin\/zmcertmgr deploycrt comm cert.pem chain.pem<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>RESULT<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>** Verifying 'cert.pem' against '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key'\nCertificate 'cert.pem' and private key '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' match.\n** Verifying 'cert.pem' against 'chain.pem'\nValid certificate chain: cert.pem: OK\n** Copying 'cert.pem' to '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt'\n** Copying 'chain.pem' to '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial_ca.crt'\n** Appending ca chain 'chain.pem' to '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt'\n** Importing cert '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts
'\/opt\/zimbra\/common\/lib\/jvm\/java\/lib\/security\/cacerts'\n** NOTE: restart mailboxd to use the imported certificate.\n** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer correo.siua.ac.cr...ok\n** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer correo.siua.ac.cr...ok\n** Installing imapd certificate '\/opt\/zimbra\/conf\/imapd.crt' and key '\/opt\/zimbra\/conf\/imapd.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt' to '\/opt\/zimbra\/conf\/imapd.crt'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' to '\/opt\/zimbra\/conf\/imapd.key'\n** Creating file '\/opt\/zimbra\/ssl\/zimbra\/jetty.pkcs12'\n** Creating keystore '\/opt\/zimbra\/conf\/imapd.keystore'\n** Installing ldap certificate '\/opt\/zimbra\/conf\/slapd.crt' and key '\/opt\/zimbra\/conf\/slapd.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt' to '\/opt\/zimbra\/conf\/slapd.crt'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' to '\/opt\/zimbra\/conf\/slapd.key'\n** Creating file '\/opt\/zimbra\/ssl\/zimbra\/jetty.pkcs12'\n** Creating keystore '\/opt\/zimbra\/mailboxd\/etc\/keystore'\n** Installing mta certificate '\/opt\/zimbra\/conf\/smtpd.crt' and key '\/opt\/zimbra\/conf\/smtpd.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt' to '\/opt\/zimbra\/conf\/smtpd.crt'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' to '\/opt\/zimbra\/conf\/smtpd.key'\n** Installing proxy certificate '\/opt\/zimbra\/conf\/nginx.crt' and key '\/opt\/zimbra\/conf\/nginx.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt' to '\/opt\/zimbra\/conf\/nginx.crt'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' to '\/opt\/zimbra\/conf\/nginx.key'\n** NOTE: restart services to use the new certificates.\n** Cleaning up 3 files from '\/opt\/zimbra\/conf\/ca'\n** Removing \/opt\/zimbra\/conf\/ca\/ca.pem\n** Removing 
\/opt\/zimbra\/conf\/ca\/ca.key\n** Removing \/opt\/zimbra\/conf\/ca\/e5f800d1.0\n** Copying CA to \/opt\/zimbra\/conf\/ca\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/ca\/ca.key' to '\/opt\/zimbra\/conf\/ca\/ca.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/ca\/ca.pem' to '\/opt\/zimbra\/conf\/ca\/ca.pem'\n** Creating CA hash symlink 'e5f800d1.0' -> 'ca.pem'\n** Creating \/opt\/zimbra\/conf\/ca\/commercial_ca_1.crt\n** Creating CA hash symlink '4f06f81d.0' -> 'commercial_ca_1.crt'\n** Creating \/opt\/zimbra\/conf\/ca\/commercial_ca_2.crt\n** Creating CA hash symlink '2e5ac55d.0' -> 'commercial_ca_2.crt'\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We restart the service<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>zmcontrol restart<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we can validate the certificate from the web<\/li><\/ul>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"170\" height=\"122\" src=\"\/wp-content\/uploads\/2020\/09\/Seleccion_067.png\" alt=\"\" class=\"wp-image-3767\"\/><\/figure><\/div>\n\n\n\n<ul class=\"wp-block-list\"><li>Or we can test it with OpenSSL (as the root user)<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>echo QUIT | openssl s_client -connect correo.siua.ac.cr:443 | openssl x509 -noout -text | less<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>RESULT (q to quit)<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Certificate:\n    Data:\n        Version: 3 (0x2)\n        Serial Number:\n            03:44:9f:13:90:44:0b:00:01:a9:a7:af:51:18:dd:b6:3d:03\n        Signature Algorithm: sha256WithRSAEncryption\n        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3\n        Validity\n            Not Before: Sep  3 14:49:19 2020 GMT\n            Not After : Dec  2 14:49:19 2020 GMT\n        Subject: CN = correo.siua.ac.cr\n        Subject Public Key Info:\n            Public Key
Algorithm: rsaEncryption\n                RSA Public-Key: (2048 bit)\n                Modulus:\n                    00:9f:dc:92:fc:9d:13:bb:37:48:96:83:96:c3:46:\n                    43:d0:04:09:77:7f:3a:8e:d5:22:2b:a2:af:31:58:\n                    58:6d:a9:57:1f:37:c3:b7:40:ec:19:ea:0d:00:f1:\n                    85:df:bc:33:ee:0f:15:7a:1d:75:b3:d3:f7:2e:44:\n                    ec:d0:97:12:0b:d0:84:57:d9:23:f5:07:cf:b8:09:\n                    21:5e:fa:fb:0a:bd:14:66:5d:2f:d1:8b:5c:f5:5a:\n                    c6:dd:f8:41:18:0e:02:f4:66:0a:37:ef:78:45:f4:\n                    6f:32:a0:be:46:d5:d1:8b:da:af:0f:e3:8c:c9:b0:\n                    e6:6f:d9:5b:d2:2f:f0:af:79:ea:ae:97:57:b3:0d:\n                    ce:73:ce:a2:93:ba:7c:d6:50:5c:35:d3:31:30:80:\n                    3a:1d:c2:43:94:ff:03:a3:f7:90:62:ff:4b:b7:ad:\n                    3c:84:51:39:f0:af:41:1e:f2:11:73:67:f6:04:c6:\n                    ee:44:f3:dc:a1:3d:71:27:f2:b6:37:64:e9:79:aa:\n                    92:f8:1e:7f:96:b5:e2:a1:ab:aa:26:b2:f0:6c:99:\n                    b8:8d:6e:c7:c3:a9:bd:c7:7c:15:86:51:98:28:d1:\n                    2f:fd:72:c3:72:b6:39:1a:17:46:35:3d:27:db:d5:\n                    bc:51:4f:bf:d3:90:e9:20:46:7e:1d:e2:f6:91:cb:\n                    7d:cb\n                Exponent: 65537 (0x10001)\n        X509v3 extensions:\n            X509v3 Key Usage: critical\n                Digital Signature, Key Encipherment\n            X509v3 Extended Key Usage: \n                TLS Web Server Authentication, TLS Web Client Authentication\n            X509v3 Basic Constraints: critical\n                CA:FALSE\n            X509v3 Subject Key Identifier: \n                B4:B2:14:E5:EE:1C:EB:3E:F8:D7:0B:1D:5E:46:DD:7C:36:E1:31:18\n            X509v3 Authority Key Identifier: \n                keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1\n\n            Authority Information Access: \n                OCSP - URI:http:\/\/ocsp.int-x3.letsencrypt.org\n                
CA Issuers - URI:http:\/\/cert.int-x3.letsencrypt.org\/<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Automatic renewal<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>To make renewal automatic, we create the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/root\/ssh-renew.sh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We add the contents<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/sh\n# Stop the Zimbra proxy and mailbox services\nprintf \"********************************************************\\n\"\nprintf \"**********              APAGANDO ZIMBRA         ********\\n\"\nprintf \"********************************************************\\n\"\nsu - zimbra -c \"zmproxyctl stop &amp;&amp; zmmailboxdctl stop\"\n\n\n# Renew the certificates\nprintf \"********************************************************\\n\"\nprintf \"**********            RENOVANDO CERTIFICADOS    ********\\n\"\nprintf \"********************************************************\\n\"\nletsencrypt renew\n\n# Append the root CA to chain.pem, only if it is not already there\n# (when no renewal took place, chain.pem still has the root from the previous run)\nprintf \"********************************************************\\n\"\nprintf \"*            CONCATENANDO ROOT A CHAIN            ******\\n\"\nprintf \"********************************************************\\n\"\nif ! grep -qF 'Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ' \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem; then\n# Line break\necho >> \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem\n\necho '-----BEGIN CERTIFICATE-----\nMIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA\/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\nPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\nEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM\/IUmTrE4O\nrz5Iy2Xu\/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\nOLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\nxiqKqy69cK3FCxolkHRyxXtqqzTWMIn\/5WgTe1QLyNau7Fqckh49ZLOMxt+\/yUFw\n7BZy1SbsOFU5Q9D8\/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\naeQQmxkqtilX4+U9m5\/wAl0CAwEAAaNCMEAwDwYDVR0TAQH\/BAUwAwEB\/zAOBgNV\nHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX\/xBVghYkQMA0GCSqG\nSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\nikugdB\/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\nAvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\nR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir\/md2cXjbDaJWFBM5\nJDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\nOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\n-----END CERTIFICATE-----' >> \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem\nfi\n\n# Show the resulting chain.pem\nprintf \"********************************************************\\n\"\nprintf \"*            RESULTADO CONTATENACION              ******\\n\"\nprintf \"********************************************************\\n\"\ncat \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem\n\n# Copy the certificates to Zimbra\nprintf \"********************************************************\\n\"\nprintf \"*                COPIANDO CERTIFICADOS            ******\\n\"\nprintf \"********************************************************\\n\"\ncp \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/* \/opt\/zimbra\/ssl\/letsencrypt\/\n\n# Hand ownership to the zimbra user\nprintf \"********************************************************\\n\"\nprintf \"*            CAMBIANDO DE DUENO ZIMBRA            ******\\n\"\nprintf \"********************************************************\\n\"\nchown zimbra:zimbra \/opt\/zimbra\/ssl\/letsencrypt\/*\n\n\n# List the certificates\nprintf \"********************************************************\\n\"\nprintf \"*            LISTAMOS CERTIFICADOS                ******\\n\"\nprintf \"********************************************************\\n\"\nls -la \/opt\/zimbra\/ssl\/letsencrypt\/\n\n\n# Verify the certificate against the key and the chain\nprintf \"********************************************************\\n\"\nprintf \"*            VERIFICANDO CERTIFICADOS             ******\\n\"\nprintf \"********************************************************\\n\"\nsu - zimbra -c \"cd \/opt\/zimbra\/ssl\/letsencrypt\/ &amp;&amp; \/opt\/zimbra\/bin\/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem\"\n\n\n# Back up the current certificates\nprintf \"********************************************************\\n\"\nprintf \"*            RESPALDANDO CERTIFICADOS             ******\\n\"\nprintf \"********************************************************\\n\"\ncp -a \/opt\/zimbra\/ssl\/zimbra \/opt\/zimbra\/ssl\/zimbra.$(date \"+%Y%m%d\")\n\n\n# Copy the private key to the commercial key path\nprintf \"********************************************************\\n\"\nprintf \"*                 LLAVE COMERCIAL                 ******\\n\"\nprintf \"********************************************************\\n\"\ncp \/opt\/zimbra\/ssl\/letsencrypt\/privkey.pem \/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key\nchown zimbra:zimbra \/opt\/zimbra\/ssl\/zimbra\/commercial\/*\n\n\n# Deploy the certificate\nprintf \"********************************************************\\n\"\nprintf \"*              INSTALAR CERTIFICADO               ******\\n\"\nprintf \"********************************************************\\n\"\nsu - zimbra -c \"cd \/opt\/zimbra\/ssl\/letsencrypt\/ &amp;&amp; \/opt\/zimbra\/bin\/zmcertmgr deploycrt comm cert.pem chain.pem\"\n\n\n# Restart Zimbra\nprintf \"********************************************************\\n\"\nprintf \"*              REINICIAR SERVICIO                 ******\\n\"\nprintf \"********************************************************\\n\"\nsu - zimbra -c \"zmcontrol restart\"\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We give it execute permission<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod 700 \/root\/ssh-renew.sh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We add a cron job<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>crontab -e<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We add<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>@monthly \/root\/ssh-renew.sh<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>We install git The first step is to stop the nginx or jetty service, because Let\u2019s Encrypt communicates over port 443 to generate the SSL certificate. We change to the \/tmp directory We clone the project In this example we run Let\u2019s Encrypt automatically with the certonly option, which [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[236],"tags":[237],"class_list":["post-3743","post","type-post","status-publish","format-standard","hentry","category-zimbra","tag-zimbra-8"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/3743","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3743"}],"version-history":[{"count":20,"h
ref":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/3743\/revisions"}],"predecessor-version":[{"id":3770,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/3743\/revisions\/3770"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3743"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3743"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3743"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}