zimbra系统不支持直接将域名由A换至B,所以通过搭建新系统并迁移数据的方式。
一、在正式切换邮件系统前,同步现有数据到新系统,正式切换停掉服务后再同步一次:
root@mail:~# cat rsync.sh
#!/bin/bash
rsync -av –progress /opt/zimbra/index/ root@192.168.8.2:/opt/zimbra_bak/index/
rsync -av –progress /opt/zimbra/store/ root@192.168.8.2:/opt/zimbra_bak/store/
rsync -av –progress /opt/zimbra/db/data/ root@192.168.8.2:/opt/zimbra_bak/mysql/
nohup sh rsync.sh &
注:先建立信任关系,在新系统上创建目标目录
二、准备ldap文件,从老系统上导出ldap数据,修改老域名为新域名:
老系统:
ldapsearch -h mail.old.cn -x -D “uid=zimbra,cn=admins,cn=zimbra” -w pppssswwwddd > mail.old.cn.ldif
注: “pppssswwwddd” 是ldap(zimbra root)密码
将mail.old.cn.ldif 中的老域名修改为新域名
sed -i ‘s/old/new/g’ mail.old.cn.ldif
sed -i ‘s/old.cn/new.com/g’ mail.old.cn.ldif #这个地方看实际情况
mv mail.old.cn.ldif mail.new.cn.ldif
将mail.new.cn.ldif拷贝到新邮件系统。
三、如果邮件系统前有路由,先配置好端口路由及防火墙:
名称 | 协议 | 源端口 | 内网ip | 内网端口 |
---|---|---|---|---|
Postfix | tcp | 25 | 192.168.8.2 | 25 |
HTTP | tcp | 80 | 192.168.8.2 | 80 |
POP3 | tcp | 110 | 192.168.8.2 | 110 |
IMAP | tcp | 143 | 192.168.8.2 | 143 |
LDAP | tcp | 389 | 192.168.8.2 | 389 |
HTTPS | tcp | 443 | 192.168.8.2 | 443 |
smtps | tcp | 465 | 192.168.8.2 | 465 |
smtp_tls | tcp | 587 | 192.168.8.2 | 587 |
Mailboxd IMAP SSL | tcp | 993 | 192.168.8.2 | 993 |
Mailboxd Pop SSL | tcp | 995 | 192.168.8.2 | 995 |
Mailboxd LMTP | tcp | 7025 | 192.168.8.2 | 7025 |
7071 | tcp | 7071 | 192.168.8.2 | 7071 |
8443 | tcp | 8443 | 192.168.8.2 | 8443 |
防火墙开放以上公网端口。
四、配置邮件系统的DNS:
new.cn :
MX mail.new.cn
A mail.new.cn 1.2.3.4 #1.2.3.4为公网ip
TXT v=spf1 a mx ~all #反垃圾检查
五、修改主机名、安装dnsmasq
root@mail:~# echo > /etc/hostname
root@mail:~# echo mail.new.cn > /etc/hostname
root@mail:~# cat /etc/hostname
mail.new.cn
root@mail:~# hostname mail.new.cn
apt-get install dnsmasq -y
root@mail:~# vim /etc/dnsmasq.d/new.cn.conf
server=192.168.8.2
domain=new.cn
mx-host=new.cn, mail.new.cn, 5
mx-host=mail.new.cn, mail.new.cn, 5
listen-address=127.0.0.1
service dnsmasq restart
六、在新机器上安装系统:
cd zcs-8.6.0_GA_1153.UBUNTU12_64.20141215195814/
./install.sh
Checking for prerequisites…
FOUND: NPTL
FOUND: netcat-openbsd-1.89-4ubuntu1
FOUND: sudo-1.8.3p1-1ubuntu3.7
FOUND: libidn11-1.23-2
FOUND: libpcre3-8.12-4ubuntu0.1
MISSING: libgmp3c2
FOUND: libexpat1-2.0.1-7.2ubuntu1.1
FOUND: libstdc++6-4.6.3-1ubuntu5
MISSING: libperl5.14
FOUND: libaio1-0.3.109-2ubuntu1
FOUND: resolvconf-1.63ubuntu16
FOUND: unzip-6.0-4ubuntu2.3
Checking for suggested prerequisites…
MISSING: pax does not appear to be installed.
FOUND: perl-5.14.2
MISSING: sysstat does not appear to be installed.
MISSING: sqlite3 does not appear to be installed.
安装相应包:
apt-get install libgmp3c2 libperl5.14 pax sysstat sqlite3 -y
再次执行:
./install.sh
root@mail:~/zcs-8.6.0_GA_1153.UBUNTU12_64.20141215195814# ./install.sh
Operations logged to /tmp/install.log.30327
Checking for existing installation…
zimbra-ldap…NOT FOUND
zimbra-logger…NOT FOUND
zimbra-mta…NOT FOUND
zimbra-dnscache…NOT FOUND
zimbra-snmp…NOT FOUND
zimbra-store…NOT FOUND
zimbra-apache…NOT FOUND
zimbra-spell…NOT FOUND
zimbra-convertd…NOT FOUND
zimbra-memcached…NOT FOUND
zimbra-proxy…NOT FOUND
zimbra-archiving…NOT FOUND
zimbra-core…NOT FOUND
PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. (“ZIMBRA”) WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra-public-eula-2-5.html
Do you agree with the terms of the software license agreement? [N] y
Checking for prerequisites…
FOUND: NPTL
FOUND: netcat-openbsd-1.89-4ubuntu1
FOUND: sudo-1.8.3p1-1ubuntu3.7
FOUND: libidn11-1.23-2
FOUND: libpcre3-8.12-4ubuntu0.1
FOUND: libgmp3c2-2:4.3.2+dfsg-2ubuntu1
FOUND: libexpat1-2.0.1-7.2ubuntu1.1
FOUND: libstdc++6-4.6.3-1ubuntu5
FOUND: libperl5.14-5.14.2-6ubuntu2.5
FOUND: libaio1-0.3.109-2ubuntu1
FOUND: resolvconf-1.63ubuntu16
FOUND: unzip-6.0-4ubuntu2.3
Checking for suggested prerequisites…
FOUND: pax
FOUND: perl-5.14.2
FOUND: sysstat
FOUND: sqlite3
Prerequisite check complete.
Checking for installable packages
Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy
Select the packages to install
Install zimbra-ldap [Y]
Install zimbra-logger [Y]
Install zimbra-mta [Y]
Install zimbra-dnscache [Y] n
Install zimbra-snmp [Y]
Install zimbra-store [Y]
Install zimbra-apache [Y]
Install zimbra-spell [Y]
Install zimbra-memcached [Y]
Install zimbra-proxy [Y]
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.
Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy
The system will be modified. Continue? [N] y
Removing /opt/zimbra
Removing zimbra crontab entry…done.
Cleaning up zimbra init scripts…done.
Cleaning up /etc/ld.so.conf…done.
Cleaning up /etc/security/limits.conf…done.
Finished removing Zimbra Collaboration Server.
Installing packages
zimbra-core......zimbra-core_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
zimbra-ldap......zimbra-ldap_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
zimbra-logger......zimbra-logger_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
zimbra-mta......zimbra-mta_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
zimbra-snmp......zimbra-snmp_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
zimbra-store......zimbra-store_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
zimbra-apache......zimbra-apache_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
zimbra-spell......zimbra-spell_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
zimbra-memcached......zimbra-memcached_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
zimbra-proxy......zimbra-proxy_8.6.0.GA.1153.UBUNTU12.64_amd64.deb...done
Operations logged to /tmp/zmsetup03252017-201041.log
Installing LDAP configuration database…done.
Setting defaults… MX: mail.new.cn (192.168.8.2)
Interface: 192.168.8.2
Interface: 127.0.0.1
Interface: ::1
192.168.8.2
done.
Checking for port conflicts
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@mail.new.cn
* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.tofqin0el@mail.new.cn
+Enable automated spam training: yes
+Spam training user: spam.b4n_54dfo@mail.new.cn
+Non-spam(Ham) training user: ham.emxspmv9g@mail.new.cn
+SMTP host: mail.new.cn
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+Web server mode: https
+IMAP server port: 7143
+IMAP server SSL port: 7993
+POP server port: 7110
+POP server SSL port: 7995
+Use spell check server: yes
+Spell server URL: http://mail.new.cn:7780/aspell.php
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@mail.new.cn
+Version update source email: admin@mail.new.cn
+Install mailstore (service webapp): yes
+Install UI (zimbra,zimbraAdmin webapps): yes
7) zimbra-spell: Enabled
8) zimbra-proxy: Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? - help) 2
Ldap configuration
1) Status: Enabled
2) Create Domain: yes
3) Domain to create: mail.new.cn
4) Ldap root password: set
5) Ldap replication password: set
6) Ldap postfix password: set
7) Ldap amavis password: set
8) Ldap nginx password: set
9) Ldap Bes Searcher password: set
Select, or ‘r’ for previous menu [r] 3
Create domain: [mail.new.cn] new.cn
MX: mail.new.cn (192.168.8.2)
Interface: 192.168.8.2
Interface: 127.0.0.1
Interface: ::1
Ldap configuration
1) Status: Enabled
2) Create Domain: yes
3) Domain to create: new.cn
4) Ldap root password: set
5) Ldap replication password: set
6) Ldap postfix password: set
7) Ldap amavis password: set
8) Ldap nginx password: set
9) Ldap Bes Searcher password: set
Select, or ‘r’ for previous menu [r]
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@new.cn
* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.tofqin0el@new.cn
+Enable automated spam training: yes
+Spam training user: spam.b4n_54dfo@new.cn
+Non-spam(Ham) training user: ham.emxspmv9g@new.cn
+SMTP host: mail.new.cn
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+Web server mode: https
+IMAP server port: 7143
+IMAP server SSL port: 7993
+POP server port: 7110
+POP server SSL port: 7995
+Use spell check server: yes
+Spell server URL: http://mail.new.cn:7780/aspell.php
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@new.cn
+Version update source email: admin@new.cn
+Install mailstore (service webapp): yes
+Install UI (zimbra,zimbraAdmin webapps): yes
7) zimbra-spell: Enabled
8) zimbra-proxy: Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
Address unconfigured (**) items (? - help) 6
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@new.cn
** 4) Admin Password UNSET
5) Anti-virus quarantine user: virus-quarantine.tofqin0el@new.cn
6) Enable automated spam training: yes
7) Spam training user: spam.b4n_54dfo@new.cn
8) Non-spam(Ham) training user: ham.emxspmv9g@new.cn
9) SMTP host: mail.new.cn
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://mail.new.cn:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@new.cn
22) Version update source email: admin@new.cn
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or ‘r’ for previous menu [r] 4
Password for admin@new.cn (min 6 characters): [R90DTaVo] fL2n6LERnw
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@new.cn
4) Admin Password set
5) Anti-virus quarantine user: virus-quarantine.tofqin0el@new.cn
6) Enable automated spam training: yes
7) Spam training user: spam.b4n_54dfo@new.cn
8) Non-spam(Ham) training user: ham.emxspmv9g@new.cn
9) SMTP host: mail.new.cn
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL: http://mail.new.cn:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@new.cn
22) Version update source email: admin@new.cn
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Select, or ‘r’ for previous menu [r]
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-store: Enabled
7) zimbra-spell: Enabled
8) zimbra-proxy: Enabled
9) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
* CONFIGURATION COMPLETE - press ‘a’ to apply
Select from menu, or press ‘a’ to apply config (? - help) a
Save configuration data to a file? [Yes]
Save config in file: [/opt/zimbra/config.7469]
Saving config in /opt/zimbra/config.7469…done.
The system will be modified - continue? [No] y
Operations logged to /tmp/zmsetup03252017-201041.log
Setting local config values…done.
Initializing core config…Setting up CA…done.
Deploying CA to /opt/zimbra/conf/ca …done.
Creating SSL zimbra-store certificate…done.
Creating new zimbra-ldap SSL certificate…done.
Creating new zimbra-mta SSL certificate…done.
Creating new zimbra-proxy SSL certificate…done.
Installing mailboxd SSL certificates…done.
Installing MTA SSL certificates…done.
Installing LDAP SSL certificate…done.
Installing Proxy SSL certificate…done.
Initializing ldap…done.
Setting replication password…done.
Setting Postfix password…done.
Setting amavis password…done.
Setting nginx password…done.
Setting BES searcher password…done.
Creating server entry for mail.new.cn…done.
Setting Zimbra IP Mode…done.
Saving CA in ldap …done.
Saving SSL Certificate in ldap …done.
Setting spell check URL…done.
Setting service ports on mail.new.cn…done.
Setting zimbraFeatureTasksEnabled=TRUE…done.
Setting zimbraFeatureBriefcasesEnabled=TRUE…done.
Setting TimeZone Preference…done.
Initializing mta config…done.
Setting services on mail.new.cn…done.
Adding mail.new.cn to zimbraMailHostPool in default COS…done.
Creating domain new.cn…done.
Setting default domain name…done.
Creating domain new.cn…already exists.
Creating admin account admin@new.cn…done.
Creating root alias…done.
Creating postmaster alias…done.
Creating user spam.b4n_54dfo@new.cn…done.
Creating user ham.emxspmv9g@new.cn…done.
Creating user virus-quarantine.tofqin0el@new.cn…done.
Setting spam training and Anti-virus quarantine accounts…done.
Initializing store sql database…done.
Setting zimbraSmtpHostname for mail.new.cn…done.
Configuring SNMP…done.
Setting up syslog.conf…done.
Starting servers…done.
Installing common zimlets…
com_zimbra_mailarchive…done.
com_zimbra_viewmail…done.
com_zimbra_date…done.
com_zimbra_ymemoticons…done.
com_zimbra_tooltip…done.
com_zimbra_srchhighlighter…done.
com_zimbra_proxy_config…done.
com_zimbra_cert_manager…done.
com_zimbra_clientuploader…done.
com_zimbra_webex…done.
com_zimbra_adminversioncheck…done.
com_zimbra_attachcontacts…done.
com_zimbra_phone…done.
com_zimbra_bulkprovision…done.
com_zimbra_email…done.
com_zimbra_url…done.
com_zimbra_attachmail…done.
Finished installing common zimlets.
Restarting mailboxd…done.
Creating galsync account for default domain…done.
You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.6.0_GA_1153_UBUNTU12_64)
The ADMIN EMAIL ADDRESS created (admin@new.cn)
Notify Zimbra of your installation? [Yes] n
Notification skipped
Setting up zimbra crontab…done.
Moving /tmp/zmsetup03252017-201041.log to /opt/zimbra/log
Configuration complete - press return to exit
导入之前准备好的ldap文件:
设置ldap密码,不然会报 “ldap_bind: Invalid credentials (49) “:
zmldappasswd pppssswwwddd
ldapadd -h mail.new.cn -x -c -D “uid=zimbra,cn=admins,cn=zimbra” -w pppssswwwddd < /tmp/new.ldif
停掉服务
zmcontrol stop
六、正式切换,停掉老服务:
1.在老系统停掉邮件服务:
zmcontrol stop
2.最后同步一次数据:
nohup sh rsync.sh &
3.导入老数据:
cd /opt/zimbra/index
mv 0 0.bak
mv /opt/zimbra_bak/index/0 ./
cd /opt/zimbra/store
mv 0 0.bak
mv /opt/zimbra_bak/store/0 ./
以下几步分步执行,确定将新邮件系统mysql的user表导出后又导回:
cd /opt/zimbra/db/data/
mkdir bak
mv * bak/
mv /opt/zimbra_bak/mysql/* ./
cp -rf bak/mysql/user.* mysql/
zmcontrol start
新开一个窗口:
cd /opt/zimbra/log
tail -f *
查看是否有不能正常链接数据库的问题”Could not establish a connection to the database. Retrying in 5 seconds.”,如果有,重新安装邮件系统,注意上面备份user表再还原。如果重装,先执行以下步骤,不然以前导过来的数据全没了(我的就没了):
cd /opt/zimbra/index
mv 0 /opt/zimbra_bak/index/
cd /opt/zimbra/store
mv 0 /opt/zimbra_bak/store/
cd /opt/zimbra/db/data/
mv * /opt/zimbra_bak/mysql/
cd /opt/zimbra_bak/
du -sh *
七、安装Nginx监听80端口
apt-get install nginx
vim /etc/nginx/sites-enabled/mail
server {
listen 80;
server_name mail.test.cn;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8080;
}
}
service nginx restart
打开web页看服务是否正常。
八、安装受信证书:
官方:https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate
service nginx stop
su - zimbra
zmcontrol stop
exit
apt-get install git
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly
如果安装python包失败:./letsencrypt-auto certonly –no-self-upgrade
出现一个错误不用管”Failed to find apache2ctl in PATH:”
选standalone
cd /etc/letsencrypt/live/mail.new.cn/
ls -al
vim chain.pem
add:
—–BEGIN CERTIFICATE—–
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
—–END CERTIFICATE—–
mkdir /opt/zimbra/ssl/letsencrypt
cp * /opt/zimbra/ssl/letsencrypt/
chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/*
ls -la /opt/zimbra/ssl/letsencrypt/
cd /opt/zimbra/ssl/letsencrypt/
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
cp -a /opt/zimbra/ssl/zimbra /opt/zimbra/ssl/zimbra.$(date “+%Y%m%d”)
cp /opt/zimbra/ssl/letsencrypt/privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.key
/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem
启动服务:
su - zimbra
zmcontrol restart
exit
service nginx start
完成