Below is the log of my installation of a multi-domain Let's Encrypt SSL certificate on our Carbonio mail server, following the reference guide at https://www.anahuac.eu/lets-encrypt-on-carbonio-system-root-with-acme-sh/
root@mail:~# su - zextras -c "zmcontrol stop"
root@mail:~# apt -y install socat
root@mail:~# wget -O - https://get.acme.sh | sh
root@mail:~# cd .acme.sh/
root@mail:~/.acme.sh#
root@mail:~/.acme.sh# su - zextras -c "zmmailboxdctl stop && zmproxyctl stop"
root@mail:~/.acme.sh# ./acme.sh --issue --standalone --preferred-chain "ISRG Root X1" --keylength 2048 -d mail.alshifacharity.com -d mail.assyifa-boardingschool.sch.id -d mail.assyifa.net -d mail.assyifapeduli.org -d mail.elshifaradio.com -d mail.assyifasagalaherang.ponpes.id
root@mail:~/.acme.sh# cd mail.alshifacharity.com/
root@mail:~/.acme.sh/mail.alshifacharity.com# cp * /tmp/mail.alshifacharity.com/
root@mail:~/.acme.sh/mail.alshifacharity.com# cd /tmp/mail.alshifacharity.com/
root@mail:/tmp/mail.alshifacharity.com# wget --no-check-certificate -O ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
--2025-04-19 10:15:48-- https://letsencrypt.org/certs/isrgrootx1.pem.txt
Resolving letsencrypt.org (letsencrypt.org)... 52.76.120.174, 52.74.232.59, 2406:da18:b3d:e200::65, ...
Connecting to letsencrypt.org (letsencrypt.org)|52.76.120.174|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1939 (1.9K) [text/plain]
Saving to: ‘ISRG-X1.pem’
ISRG-X1.pem 100%[====================================================================================================================>] 1.89K --.-KB/s in 0s
2025-04-19 10:15:48 (22.2 MB/s) - ‘ISRG-X1.pem’ saved [1939/1939]
root@mail:/tmp/mail.alshifacharity.com# ls -lah
total 48K
drwxr-xr-x 2 zextras zextras 4.0K Apr 19 10:11 .
drwxrwxrwt 21 root root 4.0K Apr 19 10:15 ..
-rw-r--r-- 1 zextras zextras 1.8K Apr 19 10:11 ca.cer
-rw-r--r-- 1 zextras zextras 3.8K Apr 19 10:11 fullchain.cer
-rw-r--r-- 1 root root 1.9K Apr 19 10:15 ISRG-X1.pem
-rw-r--r-- 1 zextras zextras 2.0K Apr 19 10:11 mail.alshifacharity.com.cer
-rw-r--r-- 1 zextras zextras 836 Apr 19 10:11 mail.alshifacharity.com.conf
-rw-r--r-- 1 zextras zextras 1.2K Apr 19 10:11 mail.alshifacharity.com.csr
-rw-r--r-- 1 zextras zextras 348 Apr 19 10:11 mail.alshifacharity.com.csr.conf
-rw------- 1 zextras zextras 1.7K Apr 19 10:11 mail.alshifacharity.com.key
-rw-r--r-- 1 zextras zextras 5.6K Apr 19 10:11 zextras_ca.pem
root@mail:/tmp/mail.alshifacharity.com# chown zextras: /tmp/mail.alshifacharity.com -R
root@mail:/tmp/mail.alshifacharity.com# ls -lah
total 48K
drwxr-xr-x 2 zextras zextras 4.0K Apr 19 10:11 .
drwxrwxrwt 21 root root 4.0K Apr 19 10:16 ..
-rw-r--r-- 1 zextras zextras 1.8K Apr 19 10:11 ca.cer
-rw-r--r-- 1 zextras zextras 3.8K Apr 19 10:11 fullchain.cer
-rw-r--r-- 1 zextras zextras 1.9K Apr 19 10:15 ISRG-X1.pem
-rw-r--r-- 1 zextras zextras 2.0K Apr 19 10:11 mail.alshifacharity.com.cer
-rw-r--r-- 1 zextras zextras 836 Apr 19 10:11 mail.alshifacharity.com.conf
-rw-r--r-- 1 zextras zextras 1.2K Apr 19 10:11 mail.alshifacharity.com.csr
-rw-r--r-- 1 zextras zextras 348 Apr 19 10:11 mail.alshifacharity.com.csr.conf
-rw------- 1 zextras zextras 1.7K Apr 19 10:11 mail.alshifacharity.com.key
-rw-r--r-- 1 zextras zextras 5.6K Apr 19 10:11 zextras_ca.pem
root@mail:/tmp/mail.alshifacharity.com#
root@mail:/tmp/mail.alshifacharity.com# su - zextras -c " cd /tmp/mail.alshifacharity.com ; cat fullchain.cer ISRG-X1.pem > zextras_ca.pem "
dd
root@mail:/tmp/mail.alshifacharity.com# ls -lah
total 48K
drwxr-xr-x 2 zextras zextras 4.0K Apr 19 10:11 .
drwxrwxrwt 21 root root 4.0K Apr 19 10:37 ..
-rw-r--r-- 1 zextras zextras 1.8K Apr 19 10:11 ca.cer
-rw-r--r-- 1 zextras zextras 3.8K Apr 19 10:11 fullchain.cer
-rw-r--r-- 1 zextras zextras 1.9K Apr 19 10:15 ISRG-X1.pem
-rw-r--r-- 1 zextras zextras 2.0K Apr 19 10:11 mail.alshifacharity.com.cer
-rw-r--r-- 1 zextras zextras 836 Apr 19 10:11 mail.alshifacharity.com.conf
-rw-r--r-- 1 zextras zextras 1.2K Apr 19 10:11 mail.alshifacharity.com.csr
-rw-r--r-- 1 zextras zextras 348 Apr 19 10:11 mail.alshifacharity.com.csr.conf
-rw------- 1 zextras zextras 1.7K Apr 19 10:11 mail.alshifacharity.com.key
-rw-r--r-- 1 zextras zextras 5.7K Apr 19 10:37 zextras_ca.pem
root@mail:/tmp/mail.alshifacharity.com#
root@mail:/tmp/mail.alshifacharity.com# su - zextras -c " cd /tmp/mail.alshifacharity.com ; /opt/zextras/bin/zmcertmgr verifycrt comm mail.alshifacharity.com.key mail.alshifacharity.com.cer zextras_ca.pem"
dd
** Verifying 'mail.alshifacharity.com.cer' against 'mail.alshifacharity.com.key'
Certificate 'mail.alshifacharity.com.cer' and private key 'mail.alshifacharity.com.key' match.
** Verifying 'mail.alshifacharity.com.cer' against 'zextras_ca.pem'
Valid certificate chain: mail.alshifacharity.com.cer: OK
root@mail:/tmp/mail.alshifacharity.com#
root@mail:/tmp/mail.alshifacharity.com# cp mail.alshifacharity.com.key /opt/zextras/ssl/carbonio/commercial/commercial.key -rf
root@mail:/tmp/mail.alshifacharity.com# chown zextras: /opt/zextras/ssl/carbonio/commercial/commercial.key
root@mail:/tmp/mail.alshifacharity.com#
root@mail:/tmp/mail.alshifacharity.com# su - zextras -c " cd /tmp/mail.alshifacharity.com ; /opt/zextras/bin/zmcertmgr deploycrt comm mail.alshifacharity.com.cer zextras_ca.pem"
dd
** Verifying 'mail.alshifacharity.com.cer' against '/opt/zextras/ssl/carbonio/commercial/commercial.key'
Certificate 'mail.alshifacharity.com.cer' and private key '/opt/zextras/ssl/carbonio/commercial/commercial.key' match.
** Verifying 'mail.alshifacharity.com.cer' against 'zextras_ca.pem'
Valid certificate chain: mail.alshifacharity.com.cer: OK
** Copying 'mail.alshifacharity.com.cer' to '/opt/zextras/ssl/carbonio/commercial/commercial.crt'
** Copying 'zextras_ca.pem' to '/opt/zextras/ssl/carbonio/commercial/commercial_ca.crt'
** Appending ca chain 'zextras_ca.pem' to '/opt/zextras/ssl/carbonio/commercial/commercial.crt'
** Importing cert '/opt/zextras/ssl/carbonio/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zextras/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.alshifacharity.com...ok
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.alshifacharity.com...ok
** Installing ldap certificate '/opt/zextras/conf/slapd.crt' and key '/opt/zextras/conf/slapd.key'
** Copying '/opt/zextras/ssl/carbonio/commercial/commercial.crt' to '/opt/zextras/conf/slapd.crt'
** Copying '/opt/zextras/ssl/carbonio/commercial/commercial.key' to '/opt/zextras/conf/slapd.key'
** Creating file '/opt/zextras/ssl/carbonio/jetty.pkcs12'
** Creating keystore '/opt/zextras/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zextras/conf/smtpd.crt' and key '/opt/zextras/conf/smtpd.key'
** Copying '/opt/zextras/ssl/carbonio/commercial/commercial.crt' to '/opt/zextras/conf/smtpd.crt'
** Copying '/opt/zextras/ssl/carbonio/commercial/commercial.key' to '/opt/zextras/conf/smtpd.key'
** Installing proxy certificate '/opt/zextras/conf/nginx.crt' and key '/opt/zextras/conf/nginx.key'
** Copying '/opt/zextras/ssl/carbonio/commercial/commercial.crt' to '/opt/zextras/conf/nginx.crt'
** Copying '/opt/zextras/ssl/carbonio/commercial/commercial.key' to '/opt/zextras/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 9 files from '/opt/zextras/conf/ca'
** Removing /opt/zextras/conf/ca/commercial_ca_3.crt
** Removing /opt/zextras/conf/ca/aa578057.0
** Removing /opt/zextras/conf/ca/4042bcee.0
** Removing /opt/zextras/conf/ca/7ff6cbda.0
** Removing /opt/zextras/conf/ca/ca.pem
** Removing /opt/zextras/conf/ca/ca.key
** Removing /opt/zextras/conf/ca/commercial_ca_1.crt
** Removing /opt/zextras/conf/ca/0779e761.0
** Removing /opt/zextras/conf/ca/commercial_ca_2.crt
** Copying CA to /opt/zextras/conf/ca
** Copying '/opt/zextras/ssl/carbonio/ca/ca.key' to '/opt/zextras/conf/ca/ca.key'
** Copying '/opt/zextras/ssl/carbonio/ca/ca.pem' to '/opt/zextras/conf/ca/ca.pem'
** Creating CA hash symlink '0779e761.0' -> 'ca.pem'
** Creating /opt/zextras/conf/ca/commercial_ca_1.crt
** Creating CA hash symlink '7ff6cbda.0' -> 'commercial_ca_1.crt'
** Creating /opt/zextras/conf/ca/commercial_ca_2.crt
** Creating CA hash symlink 'aa578057.0' -> 'commercial_ca_2.crt'
** Creating /opt/zextras/conf/ca/commercial_ca_3.crt
** Creating CA hash symlink '4042bcee.0' -> 'commercial_ca_3.crt'
root@mail:/tmp/mail.alshifacharity.com#
root@mail:/tmp/mail.alshifacharity.com# su - zextras -c "zmcontrol restart"
dd
Host mail.alshifacharity.com
Stopping config service...Done.
Stopping service webapp...Done.
Stopping stats...Done.
Stopping mta...Done.
Stopping cbpolicyd...Done.
Stopping opendkim...Done.
Stopping amavis...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping proxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping directory-server...Done.
Host mail.alshifacharity.com
Starting directory server...Done.
Starting config service...Done.
Starting mailbox...Done.
Starting memcached...Done.
Starting proxy...Done.
Starting amavis...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting opendkim...Done.
Starting mta...Done.
Starting stats...Done.
Starting service webapp...Done.
root@mail:/tmp/mail.alshifacharity.com#
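The log stages the private key in a directory under /tmp, downloads the root certificate with --no-check-certificate, and issues one certificate for six hostnames. The following is an added example, not part of the original log or the referenced guide, of independent pre-deployment checks with openssl: a private staging directory, a fingerprint pin for the downloaded root, a key/certificate match, and coverage of every requested hostname. Function names are hypothetical and the pin value is assumed to be supplied by the operator.

```shell
#!/bin/sh
# Added example (not from the original log). Function names are hypothetical;
# only standard openssl subcommands are used.

# Private staging directory: mktemp -d creates it with mode 0700, so the copied
# key never sits in a directory that other local users can list or enter.
make_stage() {
    mktemp -d "${TMPDIR:-/tmp}/certstage.XXXXXX"
}

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//; s/://g'
}

# Succeed only if the certificate matches a fingerprint obtained out of band
# (colons and letter case in the pin are ignored). Assumption: the operator
# supplies the pin; none is hard-coded here.
pin_ok() {
    want=$(printf '%s' "$2" | tr -d ':' | tr 'a-f' 'A-F')
    [ -n "$want" ] && [ "$(cert_fp "$1")" = "$want" ]
}

# Succeed only if the private key and the certificate carry the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Print each requested hostname the certificate does not cover; succeed if none.
missing_names() {
    cert=$1; shift; rc=0
    for n in "$@"; do
        openssl x509 -in "$cert" -noout -checkhost "$n" 2>/dev/null |
            grep -q 'does match' || { echo "$n"; rc=1; }
    done
    return "$rc"
}

# Usage sketch (file names as in the log, pin is a placeholder):
#   pin_ok ISRG-X1.pem "<SHA-256 fingerprint published by the CA>" &&
#   key_matches_cert mail.alshifacharity.com.key mail.alshifacharity.com.cer &&
#   missing_names mail.alshifacharity.com.cer mail.alshifacharity.com mail.assyifa.net
```

These checks run before `zmcertmgr deploycrt` and do not replace `zmcertmgr verifycrt`, which also validates the chain file.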
Reference: