Problem Start Zimbra

Discuss your pilot or production implementation with other Zimbra admins or our engineers.
Post Reply
chelinux
Posts: 29
Joined: Sat Jul 15, 2017 5:02 pm

Problem Start Zimbra

Post by chelinux »

hi my zimbra expires the certificate I renew it but still it does not raise and I have this message. Searching in forums I found how to renew the certificate, perform all the procedure but I get an error when generating the certificate

Message of error

Connect: Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.

Step 1

[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr createca -new
** Creating directory '/opt/zimbra/ssl/zimbra'
** Creating directory '/opt/zimbra/ssl/zimbra/ca'
** Creating directory '/opt/zimbra/ssl/zimbra/commercial'
** Creating directory '/opt/zimbra/ssl/zimbra/server'
** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'
** Touching file '/opt/zimbra/ssl/.rnd'
** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf
** Retrieving CA private key from LDAP... failed
** Creating CA with new private key /opt/zimbra/ssl/zimbra/ca/ca.key
Generating a 2048 bit RSA private key

[Step 2

[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20180910143551
** Recreating /opt/zimbra/conf/zmssl.cnf
** Generating a server CSR of type 'self' for download
** Using CA cert in '/opt/zimbra/ssl/zimbra/ca/ca.pem'
** Using CA private key in '/opt/zimbra/ssl/zimbra/ca/ca.key'
** Retrieving Commercial CA cert from LDAP... failed
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr with keysize=2048 digest=sha256
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.domain.com...failed (rc=1)
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr

Step 3
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.domain.com...failed (rc=1) [colo/]
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/73cb7729.0
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink '73cb7729.0' -> 'ca.pem'

Step 4
zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deployca
** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=1)

Step 5

[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr viewdeployedcrt
- ldap: /opt/zimbra/conf/slapd.crt
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
- mta: /opt/zimbra/conf/smtpd.crt
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
- proxy: /opt/zimbra/conf/nginx.crt
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com

Step 6

[zimbra@mail ~]$ zmcontrol start
Host mail.domain.com
Connect: Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.
[zimbra@mail ~]$

Somebody could help me to which it refers I have reviewed everything / etc / hosts / etc / hostname the zones answers this all well


Thanks
Top
Post Reply

Return to “Administrators”