Zimbra Forums

You are not doing what I am asking of you. You are manually attempting to re-create what the zimbra.sh script would do for you. If you do that, you also have to do the work that the script does. Why? Good news is that at this point you have a valid certificate so no more acme.sh --issues. You don't ...

Hmm, something's not right; $ ./acme.sh --issue --dns dns_gd --keylength ec-2048 -d mx.domain.com See this which is early in this post. https://forums.zimbra.org/viewtopic.php?p=311288#p311288 Again. % ./acme.sh --issue --keylength 2048 --dns dns_gd -d mx.domain.com It will verify. Everything else ...

A high level overview.... 1) you install acme.sh or use what you have before 2) you run those 2 commands I mentioned 3) you issue a new certificate with the --keylength stuff 4) you verify that my zimbra.sh is installed in your deploy directory 5) you deploy your certificate So if you already had ac...

Message me here and we can discuss to see if following my instructions isn't working for you. The only thing I can think of would be you ran zmcertmgr as root from one of the many wiki's or forums posts when that was the correct user in previous releases. It has not been that case once 8.7.11+ when ...

And if that doesn't work... post that mx.domain.conf file again. Your previously one showed me that some of the steps that I asked in that wiki had not been performed. You can end up with a zerossl cert which is the default type for acme.sh for example if you are not careful. My scripts assume LE on...

Is it safe to simply re-install the acme and get things back online? There seem to be missing files but I'm not 100% sure. The only change I'd make is to be alerted if the cert is not renewed but then again, I read tons of posts about others having the same problem and it wasn't clear what to do. T...

I fired up a backup from Sept and on that one; $ cat mx.domain.com/mx.domain.com.conf Le_CertCreateTimeStr='2023-09-23T07:59:28Z' Le_NextRenewTimeStr='2023-11-21T07:59:28Z' Le_NextRenewTime='1700553568' $ ./acme.sh --version https://github.com/acmesh-official/acme.sh v3.0.6 This was just a few post...

Answering your question about commercial. My deploy hook did this: % grep commer zimbra.sh cp -f "$_ckey" /opt/zimbra/ssl/zimbra/commercial/commercial.key The zmcertmgr deploycrt comm will create the .crt that you are asking about. % grep commercial zmcertmgr commercial /opt/zimbra/ssl/zim...

Can you post this file. You can delete Le_Domain, Le_Alt and Le_ChallengeAlias if present for obfuscation.

I am especially interested in Le_KeyLength

Jim

Looks pretty good here on my RHEL 8 test server (single server). Testing still ongoing for a few more days but no issues found yet. # dnf update Last metadata expiration check: 0:11:37 ago on Thu 19 Oct 2023 08:29:39 AM PDT. Dependencies resolved. ====================================================...