Search found 901 matches
- Thu Oct 19, 2023 10:54 pm
- Forum: Administrators
- Topic: Acme update is broken
- Replies: 62
- Views: 95731
Re: Acme update is broken
You are not doing what I am asking of you. You are manually attempting to re-create what the zimbra.sh script would do for you. If you do that, you also have to do the work that the script does. Why? Good news is that at this point you have a valid certificate so no more acme.sh --issues. You don't ...
- Thu Oct 19, 2023 10:31 pm
- Forum: Administrators
- Topic: Acme update is broken
- Replies: 62
- Views: 95731
Re: Acme update is broken
Hmm, something's not right; $ ./acme.sh --issue --dns dns_gd --keylength ec-2048 -d mx.domain.com See this which is early in this post. https://forums.zimbra.org/viewtopic.php?p=311288#p311288 Again. % ./acme.sh --issue --keylength 2048 --dns dns_gd -d mx.domain.com It will verify. Everything else ...
- Thu Oct 19, 2023 8:36 pm
- Forum: Administrators
- Topic: Acme update is broken
- Replies: 62
- Views: 95731
Re: Acme update is broken
A high level overview.... 1) you install acme.sh or use what you have before 2) you run those 2 commands I mentioned 3) you issue a new certificate with the --keylength stuff 4) you verify that my zimbra.sh is installed in your deploy directory 5) you deploy your certificate So if you already had ac...
- Thu Oct 19, 2023 8:08 pm
- Forum: Administrators
- Topic: Acme update is broken
- Replies: 62
- Views: 95731
Re: Acme update is broken
Message me here and we can discuss to see if following my instructions isn't working for you. The only thing I can think of would be you ran zmcertmgr as root from one of the many wiki's or forums posts when that was the correct user in previous releases. It has not been that case once 8.7.11+ when ...
- Thu Oct 19, 2023 6:41 pm
- Forum: Administrators
- Topic: Acme update is broken
- Replies: 62
- Views: 95731
Re: Acme update is broken
And if that doesn't work... post that mx.domain.conf file again. Your previously one showed me that some of the steps that I asked in that wiki had not been performed. You can end up with a zerossl cert which is the default type for acme.sh for example if you are not careful. My scripts assume LE on...
- Thu Oct 19, 2023 6:33 pm
- Forum: Administrators
- Topic: Acme update is broken
- Replies: 62
- Views: 95731
Re: Acme update is broken
Is it safe to simply re-install the acme and get things back online? There seem to be missing files but I'm not 100% sure. The only change I'd make is to be alerted if the cert is not renewed but then again, I read tons of posts about others having the same problem and it wasn't clear what to do. T...
- Thu Oct 19, 2023 6:26 pm
- Forum: Administrators
- Topic: Acme update is broken
- Replies: 62
- Views: 95731
Re: Acme update is broken
I fired up a backup from Sept and on that one; $ cat mx.domain.com/mx.domain.com.conf Le_CertCreateTimeStr='2023-09-23T07:59:28Z' Le_NextRenewTimeStr='2023-11-21T07:59:28Z' Le_NextRenewTime='1700553568' $ ./acme.sh --version https://github.com/acmesh-official/acme.sh v3.0.6 This was just a few post...
- Thu Oct 19, 2023 6:21 pm
- Forum: Administrators
- Topic: Acme update is broken
- Replies: 62
- Views: 95731
Re: Acme update is broken
Answering your question about commercial. My deploy hook did this: % grep commer zimbra.sh cp -f "$_ckey" /opt/zimbra/ssl/zimbra/commercial/commercial.key The zmcertmgr deploycrt comm will create the .crt that you are asking about. % grep commercial zmcertmgr commercial /opt/zimbra/ssl/zim...
- Thu Oct 19, 2023 5:50 pm
- Forum: Administrators
- Topic: Acme update is broken
- Replies: 62
- Views: 95731
Re: Acme update is broken
Can you post this file.
You can delete Le_Domain, Le_Alt and Le_ChallengeAlias if present for obfuscation.
I am especially interested in Le_KeyLength
Jim
Code: Select all
# su - zimbra
% cd .acme.sh
% cat mx.domain.com/mx.domain.com.conf
% ./acme.sh --version
I am especially interested in Le_KeyLength
Jim
- Thu Oct 19, 2023 4:13 pm
- Forum: Installation and Upgrade
- Topic: Zimbra 8.8.15 Patch-44 released, share your experience
- Replies: 18
- Views: 36869
Re: Zimbra 8.8.15 Patch-44 released, share your experience
Looks pretty good here on my RHEL 8 test server (single server). Testing still ongoing for a few more days but no issues found yet. # dnf update Last metadata expiration check: 0:11:37 ago on Thu 19 Oct 2023 08:29:39 AM PDT. Dependencies resolved. ====================================================...