Thank for your kind help. Unfortunately, I got the following error:
Code: Select all
[administrator@mail acme.sh]$ ./acme.sh --renew -d mail.zimilab.com
[Thu Mar 29 23:35:19 +07 2018] Renew: 'mail.zimilab.com'
[Thu Mar 29 23:35:21 +07 2018] Multi domain='DNS:zimilab.com'
[Thu Mar 29 23:35:21 +07 2018] Getting domain auth token for each domain
[Thu Mar 29 23:35:21 +07 2018] Getting webroot for domain='mail.zimilab.com'
[Thu Mar 29 23:35:21 +07 2018] Getting new-authz for domain='mail.zimilab.com'
[Thu Mar 29 23:35:24 +07 2018] The new-authz request is ok.
[Thu Mar 29 23:35:24 +07 2018] Getting webroot for domain='zimilab.com'
[Thu Mar 29 23:35:24 +07 2018] Getting new-authz for domain='zimilab.com'
[Thu Mar 29 23:35:25 +07 2018] The new-authz request is ok.
[Thu Mar 29 23:35:25 +07 2018] mail.zimilab.com is already verified, skip dns-01.
[Thu Mar 29 23:35:25 +07 2018] zimilab.com is already verified, skip dns-01.
[Thu Mar 29 23:35:25 +07 2018] Verify finished, start to sign.
[Thu Mar 29 23:35:28 +07 2018] Cert success.
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
[Thu Mar 29 23:35:28 +07 2018] Your cert is in /home/administrator/.acme.sh/mail.zimilab.com/mail.zimilab.com.cer
[Thu Mar 29 23:35:28 +07 2018] Your cert key is in /home/administrator/.acme.sh/mail.zimilab.com/mail.zimilab.com.key
[Thu Mar 29 23:35:29 +07 2018] The intermediate CA cert is in /home/administrator/.acme.sh/mail.zimilab.com/ca.cer
[Thu Mar 29 23:35:29 +07 2018] And the full chain certs is there: /home/administrator/.acme.sh/mail.zimilab.com/fullchain.cer
[Thu Mar 29 23:35:29 +07 2018] It seems that you are using dns manual mode. please take care: The dns manual mode can not renew automatically, you must issue it again manually. You'd better use the other modes instead.
[Thu Mar 29 23:35:29 +07 2018] Call hook error.
Code: Select all
[zimbra@mail letsencrypt]$ ./deploy-zimbra-letsencrypt.sh
zimbra/
zimbra/server/
zimbra/server/server.crt
zimbra/server/server.key
zimbra/server/server.csr
zimbra/ca/
zimbra/ca/ca.key
zimbra/ca/index.txt.attr
zimbra/ca/index.txt
zimbra/ca/ca.srl
zimbra/ca/ca.srl.old
zimbra/ca/zmssl.cnf
zimbra/ca/index.txt.old
zimbra/ca/newcerts/
zimbra/ca/newcerts/1514395920.pem
zimbra/ca/newcerts/1514395914.pem
zimbra/ca/newcerts/1514395905.pem
zimbra/ca/newcerts/1514395909.pem
zimbra/ca/ca.pem
zimbra/commercial/
zimbra/commercial/commercial_ca.crt
zimbra/commercial/commercial.key
zimbra/commercial/commercial.crt
zimbra/jetty.pkcs12
** Verifying 'mail.zimilab.com.cer' against 'mail.zimilab.com.key'
Certificate 'mail.zimilab.com.cer' and private key 'mail.zimilab.com.key' match.
** Verifying 'mail.zimilab.com.cer' against 'fullchain.cer'
ERROR: Unable to validate certificate chain: mail.zimilab.com.cer: CN = mail.zimilab.com
error 10 at 0 depth lookup:certificate has expired
OK
So I understand that I always have to update the TXT record manually even I do renew before 6o days?Please add the TXT record to your DNS records. This step is required every time you renew your certificate. With DNS api mode, this step can be automated.
Best regards,