{"id":9719,"date":"2022-06-14T17:12:48","date_gmt":"2022-06-14T23:12:48","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=9719"},"modified":"2022-06-22T14:05:42","modified_gmt":"2022-06-22T20:05:42","slug":"zimbra-8-8-parte-iv-letsencrypt-v2-2022","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=9719","title":{"rendered":"Zimbra 8.8. Parte IV. (Letsencrypt v2) 2022"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Actualizamos e instalamos<\/li><li>Debe seer snap para que permita certbot certonly &#8211;standalone -d correo.siua.ac.cr &#8211;force-renewal &#8211;preferred-chain \u00abISRG Root X1\u00bb<\/li><li>Si tratamos de instalar snap y no da el error<\/li><li>https:\/\/wiki.zimbra.com\/wiki\/Installing_a_LetsEncrypt_SSL_Certificate<\/li><li>https:\/\/www.netntw.com\/archivos\/679<\/li><li>https:\/\/www.youtube.com\/watch?v=ct0Q2RVBvAA<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>error: system does not fully support snapd: cannot mount squashfs image using \"squashfs\": mount: <\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>sudo apt install acl<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">HADES<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Debemos hacer la modificaci\u00f3n en el archivo de configuraci\u00f3n de la MV en PROXMOX<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/pve\/lxc\/140.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Y agregarle<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>features: fuse=1,mount=fuse,nesting=1\ny esto\nlxc.mount.auto: cgroup:rw\nlxc.mount.auto: sys:rw\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Quedando as\u00ed<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>arch: amd64\ncores: 4\nfeatures: fuse=1,mount=fuse,nesting=1\nhostname: correo\nmemory: 8192\nnameserver: 127.0.0.1\nnet1: name=eth1,bridge=vmbr0,gw=181.193.87.1,hwaddr=8E:8F:73:63:8B:C1,ip=181.193.87.9\/28,tag=111,type=v>\nonboot: 1\nostype: ubuntu\nrootfs: STN01-VM:140\/vm-140-disk-0.raw,size=50G\nsearchdomain: siua.ac.cr\nswap: 8192\nunprivileged: 1\nlxc.mount.auto: cgroup:rw\nlxc.mount.auto: sys:rw\n<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">CORREO<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update\nsudo apt install squashfuse fuse squashfs-tools\nsudo apt install snap snapd\nsudo snap install core\nsudo snap install --classic certbot\nln -s \/snap\/bin\/certbot \/usr\/bin\/cerbot<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>verificamos la versi\u00f3n<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>certbot --version\n\n#Resultado\ncertbot 0.27.0<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Detenemos los servicios<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo su - zimbra -c \"zmproxyctl stop\"\nsudo su - zimbra -c \"zmmailboxdctl stop\"<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>ejecutamos<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>\ncertbot certonly --standalone -d correo.siua.ac.cr --force-renewal --preferred-chain \"ISRG Root X1\"<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Resultado<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\nRenewing an existing certificate for correo.siua.ac.cr\n\nSuccessfully received certificate.\nCertificate is saved at: \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/fullchain.pem\nKey is saved at:         \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/privkey.pem\nThis certificate expires on 2022-09-20.\nThese files will be updated when the certificate renews.\nCertbot has set up a scheduled task to automatically renew this certificate in the background.\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nIf you like Certbot, please consider supporting our work by:\n * Donating to ISRG \/ Let's Encrypt:   https:\/\/letsencrypt.org\/donate\n * Donating to EFF:                    https:\/\/eff.org\/donate-le\n\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Donde:<ul><li><strong>cert.pem<\/strong>: es el certificado<\/li><li><strong>fullchain.pem<\/strong>\u00a0esl a uni\u00f3n cert.pem + chain.pem<\/li><li><strong>privkey.pem<\/strong>\u00a0es la lave privada (Recuerde que esto es solo para usted)<\/li><\/ul><\/li><li>Ahora como usuario root<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/privkey.pem \/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key\nchown zimbra:zimbra \/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key\nwget -O \/tmp\/ISRG-X1.pem https:\/\/letsencrypt.org\/certs\/isrgrootx1.pem.txt\ncat \/tmp\/ISRG-X1.pem >> \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem\n\n\/\/Permisos\nchmod 777 -R \/etc\/letsencrypt\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Para mantener los permisos<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt install acl\nsudo setfacl -R -m u:zimbra:rwx \/etc\/letsencrypt\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Ahora como usuario zimbra<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo su zimbra <\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Revisamos que los servicios esten apagados<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>zmproxyctl stop\nzmmailboxdctl stop<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Ejecutamos<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cd ~\n\/opt\/zimbra\/bin\/zmcertmgr verifycrt comm \/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Resultados<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>** Verifying '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem' against '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key'\nCertificate '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem' and private key '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' match.\n** Verifying '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem' against '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem'\nValid certificate chain: \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem: OK\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Luego ejecutamos<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>\/opt\/zimbra\/bin\/zmcertmgr deploycrt comm \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Resultados<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>** Verifying '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem' against '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key'\nCertificate '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem' and private key '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' match.\n** Verifying '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem' against '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem'\nValid certificate chain: \/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem: OK\n** Copying '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/cert.pem' to '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt'\n** Copying '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem' to '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial_ca.crt'\n** Appending ca chain '\/etc\/letsencrypt\/live\/correo.siua.ac.cr\/chain.pem' to '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt'\n** Importing cert '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '\/opt\/zimbra\/common\/lib\/jvm\/java\/lib\/security\/cacerts'\n** NOTE: restart mailboxd to use the imported certificate.\n** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer correo.siua.ac.cr...ok\n** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer correo.siua.ac.cr...ok\n** Installing imapd certificate '\/opt\/zimbra\/conf\/imapd.crt' and key '\/opt\/zimbra\/conf\/imapd.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt' to '\/opt\/zimbra\/conf\/imapd.crt'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' to '\/opt\/zimbra\/conf\/imapd.key'\n** Creating file '\/opt\/zimbra\/ssl\/zimbra\/jetty.pkcs12'\n** Creating keystore '\/opt\/zimbra\/conf\/imapd.keystore'\n** Installing ldap certificate '\/opt\/zimbra\/conf\/slapd.crt' and key '\/opt\/zimbra\/conf\/slapd.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt' to '\/opt\/zimbra\/conf\/slapd.crt'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' to '\/opt\/zimbra\/conf\/slapd.key'\n** Creating file '\/opt\/zimbra\/ssl\/zimbra\/jetty.pkcs12'\n** Creating keystore '\/opt\/zimbra\/mailboxd\/etc\/keystore'\n** Installing mta certificate '\/opt\/zimbra\/conf\/smtpd.crt' and key '\/opt\/zimbra\/conf\/smtpd.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt' to '\/opt\/zimbra\/conf\/smtpd.crt'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' to '\/opt\/zimbra\/conf\/smtpd.key'\n** Installing proxy certificate '\/opt\/zimbra\/conf\/nginx.crt' and key '\/opt\/zimbra\/conf\/nginx.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.crt' to '\/opt\/zimbra\/conf\/nginx.crt'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/commercial\/commercial.key' to '\/opt\/zimbra\/conf\/nginx.key'\n** NOTE: restart services to use the new certificates.\n** Cleaning up 3 files from '\/opt\/zimbra\/conf\/ca'\n** Removing \/opt\/zimbra\/conf\/ca\/ca.pem\n** Removing \/opt\/zimbra\/conf\/ca\/ca.key\n** Removing \/opt\/zimbra\/conf\/ca\/e5f800d1.0\n** Copying CA to \/opt\/zimbra\/conf\/ca\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/ca\/ca.key' to '\/opt\/zimbra\/conf\/ca\/ca.key'\n** Copying '\/opt\/zimbra\/ssl\/zimbra\/ca\/ca.pem' to '\/opt\/zimbra\/conf\/ca\/ca.pem'\n** Creating CA hash symlink 'e5f800d1.0' -> 'ca.pem'\n** Creating \/opt\/zimbra\/conf\/ca\/commercial_ca_1.crt\n** Creating CA hash symlink '8d33f237.0' -> 'commercial_ca_1.crt'\n** Creating \/opt\/zimbra\/conf\/ca\/commercial_ca_2.crt\n** Creating CA hash symlink '4042bcee.0' -> 'commercial_ca_2.crt'\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Reiniciamos zimbra<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>zmcontrol restart<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Cambiar logo zimbra<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Primero debemos hacer las imagenes en las medidas<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>440\u00d760 pixels \u2013 Logo del pagina de login<\/li><li>200\u00d735 pixels \u2013 Logo cuando ya se esta logeado (top left corner)<\/li><li>Descargamos:&nbsp;<a rel=\"noreferrer noopener\" href=\"\/wp-content\/uploads\/2020\/09\/LOGO_SIUA_COREO_ZIMBRA2.zip\" target=\"_blank\">aqu\u00ed<\/a><\/li><li>Ahora se recomienda almacenar los logos en otra parte que puedan ser accedidos de forma remota para cuando se actualice el sistema estos no se remplacen<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>su - zimbra\nzmprov md siua.ac.cr zimbraSkinLogoURL https:\/\/correo.siua.ac.cr\nzmprov md siua.ac.cr zimbraSkinLogoLoginBanner <a href=\"http:\/\/proxy.siua.ac.cr\/logos_zimbra\/correo_login.png\">http:\/\/proxy.siua.ac.cr\/logos_zimbra\/correo_login.png<\/a>\nzmprov md siua.ac.cr zimbraSkinLogoAppBanner <a href=\"http:\/\/proxy.siua.ac.cr\/logos_zimbra\/correo_app.png\">http:\/\/proxy.siua.ac.cr\/logos_zimbra\/correo_app.png<\/a>\nzmmailboxdctl restart<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Actualizamos e instalamos Debe seer snap para que permita certbot certonly &#8211;standalone -d correo.siua.ac.cr &#8211;force-renewal &#8211;preferred-chain \u00abISRG Root X1\u00bb Si tratamos de instalar snap y no da el error https:\/\/wiki.zimbra.com\/wiki\/Installing_a_LetsEncrypt_SSL_Certificate https:\/\/www.netntw.com\/archivos\/679 https:\/\/www.youtube.com\/watch?v=ct0Q2RVBvAA sudo apt install acl HADES Debemos hacer la modificaci\u00f3n en el archivo de configuraci\u00f3n de la MV en PROXMOX Y agregarle Quedando as\u00ed [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[236],"tags":[244,400],"class_list":["post-9719","post","type-post","status-publish","format-standard","hentry","category-zimbra","tag-zimbra","tag-zimbra-letsencrypt"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/9719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9719"}],"version-history":[{"count":18,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/9719\/revisions"}],"predecessor-version":[{"id":10367,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/9719\/revisions\/10367"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}