This guide shows how to install Kolab on Ubuntu 18.04 Bionic Beaver and thereafter securing it via Letsencrypt Certificate

Kolab Groupware is a Free and Open Source collaboration suite. It is secure, scalable, reliable, flexible and full-featured. Kolab Groupware is the glue between the various pieces of software you would choose to Do-It-Yourself (DIY) your own mail server, and adds to that collaboration capabilities, mobile phone synchronization, native integration in to desktop operating system platforms such as Mac OS X, Linux and Windows – in a ready-to-go, integrated offering with a uniquely uniform look and feel.

Step 1: Set Server hostname

Add hostname(FQDN) to your system

hostnamectl set-hostname

Open up /etc/hosts and add your IP and set hostname to your kolab server

vim /etc/hosts

Paste below on the file. Change the IP to your Public One.  kolab

Step 2: Add Kolab repositories to APT

Open a new file under /etc/apt/sources.list.d/ and add the repositories as shown below.

sudo tee /etc/apt/sources.list.d/kolab.list <<EOF
deb ./
deb-src ./

Step 3: Import Kolab GPG Key

Import the GPG key used to sign the Kolab packages

wget -q -O- | apt-key add -

Step 4: Set packages priority

To ensure the Kolab packages have priority over the Ubuntu packages, such as must be the case for PHP as well as Cyrus IMAP, please make sure the APT preferences pin the origin as a preferred source.

Edit and add the following to /etc/apt/preferences.d/kolab file

sudo nano /etc/apt/preferences.d/kolab
Package: *
Pin: origin
Pin-Priority: 501

Step 5: Install Kolab Groupware on Ubuntu 18.04

Update the system

sudo apt update

After that is done, install the package as shown below

sudo apt -y install kolab

Step 6: Set up Kolab on Ubuntu 18.04

Run the command below to setup Kolab on Ubuntu 18.04.

sudo setup-kolab

You will encounter the following questions during set-up, follow the instructions and do not forget the passwords you input

# Please supply a password for the LDAP administrator user ‘admin’, used to login to the graphical console of 389 Directory server.
 Administrator password [ieMeibeong6Kiwu]:
 Confirm Administrator password:
# Please supply a password for the LDAP Directory Manager user, which is the administrator user you will be using to at least initially log in to the Web
 Admin, and that Kolab uses to perform administrative tasks.
 Directory Manager password [eivaiLa9ied9aph]: # Direcory Manager Paswd
 Confirm Directory Manager password:
# Please choose the system user and group the service should use to run under. These should be existing, unprivileged, local system POSIX accounts with no shell.
 User [dirsrv]:
 Group [dirsrv]:
 This setup procedure plans to set up Kolab Groupware for the following domain name space. This domain name is obtained from the reverse DNS entry on your
 network interface. Please confirm this is the appropriate domain name space. [Y/n]: Y
 The standard root dn we composed for you follows. Please confirm this is the root dn you wish to use.
 dc=computingforgeeks,dc=com [Y/n]: Y
 Setup is now going to set up the 389 Directory Server. This may take a little while (during which period there is no output and no progress indication).
 Created symlink from /etc/systemd/system/ to /lib/systemd/system/
# Please supply a Cyrus Administrator password. This password is used by Kolab to execute administrative tasks in Cyrus IMAP. You may also need the password
 yourself to troubleshoot Cyrus IMAP and/or perform other administrative tasks against Cyrus IMAP directly.
 Cyrus Administrator password [ubFGUk4Hy7bKvwh]:
 Confirm Cyrus Administrator password:

# Please supply a Kolab Service account password. This account is used by various services such as Postfix, and Roundcube, as anonymous binds to the LDAP server
 will not be allowed.
 Kolab Service password [bFGUk4Hyu7bKvwh]:
 Confirm Kolab Service password:
 Database Configuration
 What MySQL server are we setting up?
 – 1: Existing MySQL server (with root password already set).
 – 2: New MySQL server (needs to be initialized).
 Choice: – 1: Existing MySQL server (with root password already set).
 – 2: New MySQL server (needs to be initialized).
 Choice: – 1: Existing MySQL server (with root password already set).
 – 2: New MySQL server (needs to be initialized).
 Choice: 1
# Please supply the root password for MySQL, so we can set up user accounts for other components that use MySQL.
 MySQL root password:
# Please supply a password for the MySQL user ‘kolab’. This password will be used by Kolab services, such as the Web Administration Panel.
 MySQL kolab password [2bFGk4Hy_k4Hyu]:
 Confirm MySQL kolab password:
# Please supply the timezone PHP should be using. You have to use a Continent or Country / City locality name like ‘Europe/Berlin’, but not just ‘CEST’.
 Timezone ID [UTC]: Africa/Nairobi
# Please supply a password for the MySQL user ’roundcube’. This password will be used by the Roundcube webmail interface.
 MySQL roundcube password [k4Hyu7ONPysbKzb]:
 Confirm MySQL roundcube password:

Step 7: Configure Firewall

If you have a firewall that is running, allow HTTPS through the Firewall

As root user do:

$ sudo ufw allow 'Apache Full'
$ ufw status

To                         Action      From
 --                         ------      ----
 Apache Full                ALLOW       Anywhere                  
 22/tcp                     ALLOW       Anywhere                                    
 Apache Full (v6)           ALLOW       Anywhere (v6)             
 22/tcp (v6)                ALLOW       Anywhere (v6)             
 OpenSSH (v6)               ALLOW       Anywhere (v6) 

Step 8: Secure Kolab Groupware on Ubuntu 18.04

Secure your Kolab with Letsencrypt. Kolab runs on Apache, so we are going to secure it using Letsencrypt for Apache

First, add the repository:

sudo add-apt-repository ppa:certbot/certbot
This is the PPA for packages prepared by Debian Let's Encrypt Team and backported for Ubuntu(s).
More info:
Press [ENTER] to continue or Ctrl-c to cancel adding it. # PRESS ENTER

Install Certbot’s Apache package with apt

sudo apt install python-certbot-apache

Reading package lists… Done
 Building dependency tree       
 Reading state information… Done
 The following packages were automatically installed and are no longer required:

Step 9: Obtain Let’s Encrypt SSL Certificate

Obtain your Let’s Encrypt SSL Certificate and follow the prompts

$ sudo certbot --apache -d

Saving debug log to /var/log/letsencrypt/letsencrypt.log
 Plugins selected: Authenticator apache, Installer apache
 Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected]  # INPUT YOUR EMAIL HERE

Please read the Terms of Service at You must
 agree in order to register with the ACME server at
 (A)gree/(C)ancel: A

 Would you be willing to share your email address with the Electronic Frontier
 Foundation, a founding partner of the Let's Encrypt project and the non-profit
 organization that develops Certbot? We'd like to send you email about our work
 encrypting the web, EFF news, campaigns, and ways to support digital freedom.
 (Y)es/(N)o: N

Obtaining a new certificate
 Performing the following challenges:
 http-01 challenge for
 Waiting for verification…
 Cleaning up challenges
 Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
 Enabled Apache socache_shmcb module
 Enabled Apache ssl module
 Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
 Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1. No redirect - Make no further changes to the webserver configuration.
2. Redirect - Make all requests redirect to secure HTTPS access. Choose this for
 new sites, or if you're confident your site works on HTTPS. You can undo this
 change by editing your web server's configuration.

Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2  # I PERSONALLY LIKE THE REDIRECT OPTION BUT YOU CAN CHOOSE THE ONE YOU LIKE.
 Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf
 Congratulations! You have successfully enabled
 You should test your configuration at:

 Congratulations! Your certificate and chain have been saved at:
 Your key file has been saved at:
 Your cert will expire on 2019-08-14. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot again
 with the "certonly" option. To non-interactively renew all of
 your certificates, run "certbot renew"
 Your account credentials have been saved in your Certbot
 configuration directory at /etc/letsencrypt. You should make a
 secure backup of this folder now. This configuration directory will
 also contain certificates and private keys obtained by Certbot so
 making regular backups of this folder is ideal.
 If you like Certbot, please consider supporting our work by:
 Donating to ISRG / Let's Encrypt:
 Donating to EFF:           

Your ssl certificate should be okay now just try to access your Kolab instance e.g

https://<your FQDN>/kolab-webadmin/

The username is cn: Directory Manager and password is the password you set while installing Kolab

kolab login

Cheers guys. Also check:

Install Zimbra Mail Server on Ubuntu 18.04

Install Postal Mail Server on Ubuntu 18.04

Install Latest LibreOffice on Fedora

Vuls – Best Vulnerability Scanner for Linux / FreeBSD / WordPress / Network

How to Install Wine 4 on Fedora

Your support is our everlasting motivation,
that cup of coffee is what keeps us going!

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.


Please enter your comment!
Please enter your name here