Hi,
I've a working ZCS OSS 8.8.9 multinode setup. I've an host for the proxy and another host for the admin. Other hosts for mta and stores.
After I installed from CLI a per domain commercial certificate (Comodo certificate) on the proxy node, I'm unable to modify the domain from AdminConsole. When I click "save" in Configure-->domain->example.com I got the error "Invalid certificate or private key" (screenshot of the error was attached). From CLI I'm able to modify the domain. Before I installed the certificate I was able to modify the domain from AdminConsole.
This is all the steps on proxy node (no errors):
<<
zmprov cd example.com zimbraAuthMech zimbra
zmprov md example.com zimbraVirtualHostName mail.example.com
zmprov md example.com zimbraVirtualIPAddress x.y.u.i
/opt/zimbra/libexec/zmdomaincertmgr savecrt example.com /opt/zimbra/certs/example.com.bundle /opt/zimbra/certs/server.key
/opt/zimbra/libexec/zmdomaincertmgr deploycrts
zmprov md proxys.com zimbraPublicServiceHostname mail.example.com
zmprov md proxys.com zimbraPublicServiceProtocol https
zmprov md proxys.com zimbraPublicServicePort 443
>>
After proxy was restarted, the webmail shows the correct certificate was loaded.
Please note that the private key is passwordless, and the command "/opt/zimbra/bin/zmcertmgr verifycrt comm ..." returns "Valid certificate chain: ./server.crt: OK"
Any Idea? How to better troubleshoot?
Tnx & br.
unable to modify domain from AdminConsole - Invalid certificate or private key
unable to modify domain from AdminConsole - Invalid certificate or private key
- Attachments
-
- dom-error.jpg (105.41 KiB) Viewed 1478 times
-
- cert-error.png (42.5 KiB) Viewed 1478 times
Re: unable to modify domain from AdminConsole - Invalid certificate or private key
just got exact same issue with SNI cert installed on Release 9.0.0.GA.4178.UBUNTU20.64 UBUNTU20_64 NETWORK edition, Patch 9.0.0_P25.
Not exactly a solution, but worked for me:
* just remove certificate from domain -> save
* make domain config changes - save (should work this time)
* reapply cert
Not exactly a solution, but worked for me:
* just remove certificate from domain -> save
* make domain config changes - save (should work this time)
* reapply cert
Re: unable to modify domain from AdminConsole - Invalid certificate or private key
I also have the same problem, see that
Not exactly a solution, but worked for me:
* just remove certificate from domain -> save
* make domain config changes - save (should work this time)
* reapply cert
Should work, but don't want to try till I understand the
* reapply cert
Part, does it need to be done on the CLI, if so how. Or can I just paste them back in the Admin interface?
Thanks in advance
Not exactly a solution, but worked for me:
* just remove certificate from domain -> save
* make domain config changes - save (should work this time)
* reapply cert
Should work, but don't want to try till I understand the
* reapply cert
Part, does it need to be done on the CLI, if so how. Or can I just paste them back in the Admin interface?
Thanks in advance