Search found 610 matches

by JDunphy
Wed Jun 16, 2021 8:16 pm
Forum: Administrators
Topic: unable to find local issuer with JDunphys method
Replies: 10
Views: 2049

Re: unable to find local issuer with JDunphys method

I don't have anything older to test against with -show_chain so let's assume that you are not running 8.8.15P22 and most likely 8.8.15P19 which was that version of openssl I believe. We had a lot of problems when we moved to p20 which introduced the newer openssl 1.1.1i version so the pain is still ...
by JDunphy
Wed Jun 16, 2021 3:54 pm
Forum: Administrators
Topic: unable to find local issuer with JDunphys method
Replies: 10
Views: 2049

Re: unable to find local issuer with JDunphys method

I am unable to use the -show_chain command with openssl, not sure whether the syntax has changed but it gives me the help output. You say that the --preferred-chain option needs to be changed to "x2", does the corresponding wget need to reference x2 aswell? This is truly odd as we are usi...
by JDunphy
Tue Jun 15, 2021 3:58 pm
Forum: Administrators
Topic: unable to find local issuer with JDunphys method
Replies: 10
Views: 2049

Re: unable to find local issuer with JDunphys method

If it turns out to be the chain, you can do what I show in that post or add --preferred-chain to your issue command which should make the wiki link valid again if they have changed the defaults for acme.sh Wiki needs an update as does the script to handle zeroSSL and the 2 letsencrypt chains. --pref...
by JDunphy
Tue Jun 15, 2021 3:42 pm
Forum: Administrators
Topic: unable to find local issuer with JDunphys method
Replies: 10
Views: 2049

Re: unable to find local issuer with JDunphys method

I would start with this post to see what chain you are using: https://forums.zimbra.org/viewtopic.php?f=15&t=60781&start=110#p301489 One concern is that depending on when you started with acme.sh (there is no context to when you downloaded it and what version), it could have changed the defa...
by JDunphy
Fri Jun 11, 2021 5:19 pm
Forum: Administrators
Topic: Certificate/Certbot - best way?
Replies: 28
Views: 6059

Re: Certificate/Certbot - best way?

One question: It isn't clear to me if the cron job will renew and deploy the certificates after 60 days or if it will simply renew them and then I have to login as zimbra user to deploy them. I was expecting that the account.conf file should have some info about the deploy hook we use (the zimbra s...
by JDunphy
Sun Jun 06, 2021 2:01 am
Forum: Administrators
Topic: Zimbra 8.8.15 NE sending license and server data to zextras
Replies: 6
Views: 3760

Re: Zimbra 8.8.15 NE sending license and server data to zextras

Confirmed... One of our NE servers began doing this (From our logs, I see May 5 and now June 5). License data is probably fine but I would rather they did that at time of install or activation ... but the moment they take other information gathered because they are inside my server via a package upd...
by JDunphy
Tue Jun 01, 2021 3:23 pm
Forum: Administrators
Topic: zmcertmgr - errors out with elliptical curve certs - suggested fix
Replies: 1
Views: 780

Re: zmcertmgr - errors out with elliptical curve certs - suggested fix

Thank you for this! I tested it against our commercial version of 8 .8.15 and no problems installing my current letsencrypt cert ("ISRG Root X1") or the previous ("DST Root CA X3") cross signed chain with your enhancement. I have taken to creating patch scripts that I apply on re...
by JDunphy
Mon May 31, 2021 4:45 pm
Forum: Administrators
Topic: warning tls smtpd_tls_ask_ccert = no please help
Replies: 2
Views: 1200

Re: warning tls smtpd_tls_ask_ccert = no please help

and recive mail from gmail.com domain in log view warning postfix/smtpd[28557]: warning: permit_tls_clientcerts is requested, but "smtpd_tls_ask_ccert = no" Ples help what this warning and how resolve :oops: Here is the documentation on it. permit_tls_clientcerts Permit the request when t...
by JDunphy
Fri May 28, 2021 2:03 pm
Forum: Administrators
Topic: Sporadic account auth failure / timeout
Replies: 12
Views: 3895

Re: Sporadic account auth failure / timeout

You might verify if memcached is crashed or other by issuing a command to it... Example: % telnet 127.0.0.1 11211 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. stats items STAT items:3:number 3 STAT items:3:number_hot 0 STAT items:3:number_warm 1 STAT items:3:number_cold 2 ST...
by JDunphy
Fri May 21, 2021 4:08 pm
Forum: Administrators
Topic: Another Letsencrypt method
Replies: 118
Views: 253512

Re: Another Letsencrypt method

I switched to the new chain from letsencrypt (good thru 2035) which uses their own root to sign their certificates in contrast to the IdenTrust intermediate that was used previously and is expiring in Sept 2021. First a little background but the switch is only 3 lines and listed below for TL;DR folk...

Go to advanced search