gibiscus wrote:so i find a workaround for myself atleast:

Thanks for post this. I am about to get involved myself and this thread will be extremely valuable for others.
Jim

Ref: https://github.com/s3fs-fuse/s3fs-fuse Scroll to the bottom and look at limitations. ie. no hard links Unless I am reading your error message your reported incorrectly... "link(/opt/zimbra/store/incoming/1593073256975-46.msg, /opt/zimbra/store/0/2/msg/0/260-200.msg): Operation not permitte...

Tell me please, if I update Zimbra version 8.7.11 to the latest (8.8.15), its certificate store will already have ISRG root? I am not convinced at this point that would solve anything or if there would be a problem. I am expecting a problem myself once you drop the full chain (ie. IdentTrust) or it...

July 8 has been pushed back to Sept 29, 2020 as of June 11 (today).

https://community.letsencrypt.org/t/tra ... -29/125516

B) Please comment on why there are different paths? 1) First check in: /opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts 2) Importing the certificate to the storage: /opt/zimbra/common/etc/java/cacerts 3) Check the certificate in storage: /opt/zimbra/common/etc/java/cacerts Same file. % ls -...

What version of Zimbra are you running? If it is empty, I would expect that zmcertmgr could fail on the verify step and most likely will not install after July 8 but I have not tested that theory. That is based on the behavior when the IdentTrust wasn't chained. I have 3 ideas how we would proceed b...

Can you tell me what this yields on your platform?


Jim

Question: 1. Which certificates was actually used? The ones from ROOT or from ZIMBRA? 2. The ZIIMBRA user now has a crontab entry of: 27 0 * * * "/opt/zimbra/.acme.sh"/acme.sh --cron --home "/opt/zimbra/.acme.sh" > /dev/null is this right? 3. How do you think I will have to rene...

It always seems difficult the first time. The thing to remember is its 2 steps with acme.sh. You issue your certificates and if you hare happy with the results you can deploy them. It can be done in one step later but think 2 steps the first time you do it. If anything is going to mess up, it will b...

For completeness, acme.sh has other modes to help with validation that don't require port conflict resolution like --standalone. In some modes, you paste a known string or a file at a location and your webserver or inverse proxy would handle the validation for you. He keeps adding more modes so I wi...