Zimbra openjdk cacert errors during upgrade

Ask questions about your setup or get help installing ZCS server (ZD section below).
Post Reply
User avatar
ianw1974
Outstanding Member
Outstanding Member
Posts: 229
Joined: Sat Sep 13, 2014 12:45 am
Location: UK and Poland
Contact:

Zimbra openjdk cacert errors during upgrade

Post by ianw1974 »

Hi,

Is anyone else seeing this when upgrading their 8.815 OSE/FOSS?

Code: Select all

keytool error: java.io.FileNotFoundException: /opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/ubuntu14_64/hbuo9a17cf/00eplbi2_h.der.crt (No such file or directory)
/bin/chown: cannot access '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/ubuntu14_64/hbuo9a17cf/00eplbi2_h.der.crt': No such file or directory
ERROR: Can't read file '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/ubuntu14_64/hbuo9a17cf/00eplbi2_h.der.crt'
keytool error: java.io.FileNotFoundException: /opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/ubuntu14_64/hbuo9a17cf/08ljgpei8d.der.crt (No such file or directory)
/bin/chown: cannot access '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/ubuntu14_64/hbuo9a17cf/08ljgpei8d.der.crt': No such file or directory
ERROR: Can't read file '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/ubuntu14_64/hbuo9a17cf/08ljgpei8d.der.crt'
keytool error: java.io.FileNotFoundException: /opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/ubuntu14_64/hbuo9a17cf/0awq5ugutq.der.crt (No such file or directory)
/bin/chown: cannot access '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/ubuntu14_64/hbuo9a17cf/0awq5ugutq.der.crt': No such file or directory
ERROR: Can't read file '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/ubuntu14_64/hbuo9a17cf/0awq5ugutq.der.crt'
Does anyone know of a way how to stop these errors from occuring? I noticed this also when an update went out I think last week as well. Previously it never occurred, and I never saw such output. Everything works, I'm just curious as to why it suddenly started to happen?

There are successful messages as well, for example:

Code: Select all

Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/my_ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/my_ca.crt' as 'zcs-user-my_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/zcs-user-ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/zcs-user-ca.crt' as 'zcs-user-zcs-user-ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/my_ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/my_ca.crt' as 'zcs-user-my_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/zcs-user-ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/zcs-user-ca.crt' as 'zcs-user-zcs-user-ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/zcs-user-commercial_ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.18.04/zcs-user-commercial_ca.crt' as 'zcs-user-zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.6-1zimbra8.7b1.18.04/my_ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.6-1zimbra8.7b1.18.04/my_ca.crt' as 'zcs-user-my_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.7-1zimbra8.7b1.18.04/my_ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.7-1zimbra8.7b1.18.04/my_ca.crt' as 'zcs-user-my_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.7-1zimbra8.7b1.18.04/zcs-user-my_ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.7-1zimbra8.7b1.18.04/zcs-user-my_ca.crt' as 'zcs-user-zcs-user-my_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.7-1zimbra8.7b1.18.04/zcs-user-zcs-user-ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.7-1zimbra8.7b1.18.04/zcs-user-zcs-user-ca.crt' as 'zcs-user-zcs-user-zcs-user-ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
** NOTE: restart mailboxd to use the imported certificate.
Certificate stored in file </opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.7-1zimbra8.7b1.18.04/zcs-user-zcs-user-commercial_ca.crt>
** Importing cert '/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.7-1zimbra8.7b1.18.04/zcs-user-zcs-user-commercial_ca.crt' as 'zcs-user-zcs-user-zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts'
It doesn't seem to have any ill effects on the system, as I have restarted Zimbra and all services do come up? But it's rather disturbing.
mfehr
Advanced member
Advanced member
Posts: 72
Joined: Fri Sep 12, 2014 11:25 pm

Re: Zimbra openjdk cacert errors during upgrade

Post by mfehr »

Hi,

Same here. It happened when I upgraded September 26 as well as today, October 3rd applying apt-get --with-new-pkgs upgrade on Ubuntu 18.04

Observations:

1. The directory /opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/ does not include a tmp directory (at least not after the upgrade)

2. After applying the upgrade September 26, I didn't notice an issue running zimbra for a week.

However, error messages always are a sign that something does not work as expected. Therefore, I am interested to understand what the issue is.
User avatar
jered
Advanced member
Advanced member
Posts: 53
Joined: Sat Sep 13, 2014 12:35 am
Location: Somerville, MA

Re: Zimbra openjdk cacert errors during upgrade

Post by jered »

Oops; I made a duplicate thread here: viewtopic.php?f=13&t=70002
User avatar
ianw1974
Outstanding Member
Outstanding Member
Posts: 229
Joined: Sat Sep 13, 2014 12:45 am
Location: UK and Poland
Contact:

Re: Zimbra openjdk cacert errors during upgrade

Post by ianw1974 »

As a side note, not sure if this is related to this, but the procedure outlined here:

https://wiki.zimbra.com/wiki/How_to_mov ... her_server

also doesn't work anymore and don't know if the openjdk certificate errors are the reason behind it - irrespective of the rsync commands used, or even when making a tar backup. The LDAP errors received as outlined here:

https://wiki.zimbra.com/wiki/Unable_to_ ... ap_masters

appear, so cannot move it to another server anymore. Didn't want to mess with my production one. None of the steps in that last link allow me to get a working installation on a separate server, despite all hostname, DNS configuration, etc being identical to the original server. This used to work, but has now stopped working. Not good.

Was planning upgrading my 8.8.15 to 9.x but don't want to risk it, since I can no longer recover the server.
davidkillingsworth
Outstanding Member
Outstanding Member
Posts: 251
Joined: Sat Sep 13, 2014 2:26 am
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU14.64-Patch 24

Re: Zimbra openjdk cacert errors during upgrade

Post by davidkillingsworth »

I'm also seeing this when applying the latest patches on the following:

Ubuntu 18.04.6 LTS
Release 8.8.15.GA.3829.UBUNTU14.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P27

I also saw it with the previous patch a couple of months ago.
Labsy
Outstanding Member
Outstanding Member
Posts: 411
Joined: Sat Sep 13, 2014 12:52 am

Re: Zimbra openjdk cacert errors during upgrade

Post by Labsy »

Same problem here today in Ubuntu 16.04.7 LTS.
Looks like there's no impact on server or Webmail functionality.
sbourdette
Posts: 6
Joined: Sat Sep 13, 2014 1:56 am

Re: Zimbra openjdk cacert errors during upgrade

Post by sbourdette »

Creating the tmp directory while the upgrade solve the issue

regards
davidkillingsworth
Outstanding Member
Outstanding Member
Posts: 251
Joined: Sat Sep 13, 2014 2:26 am
ZCS/ZD Version: 8.8.15.GA.3869.UBUNTU14.64-Patch 24

Re: Zimbra openjdk cacert errors during upgrade

Post by davidkillingsworth »

sbourdette wrote:Creating the tmp directory while the upgrade solve the issue

regards
Can you elaborate on which tmp dircectory you created and what the exact path was? Please elaborate since this is happening to quite a few of us.

Thanks,
David
User avatar
ianw1974
Outstanding Member
Outstanding Member
Posts: 229
Joined: Sat Sep 13, 2014 12:45 am
Location: UK and Poland
Contact:

Re: Zimbra openjdk cacert errors during upgrade

Post by ianw1974 »

Most likely this:

Code: Select all

/opt/zimbra/.saveconfig/zimbra-openjdk-cacerts-1.0.5-1zimbra8.7b1.14.04/tmp/
but I had others as well, so could mean creating /tmp under every single zimbra-openjdk-cacerts-x.x.x directory if they exist. I cannot test, as I migrated away from Zimbra now due to inability of recovering my server, it just failed to work unlike previously.
BooksRUs
Posts: 5
Joined: Wed Jan 15, 2020 6:19 pm

Re: Zimbra openjdk cacert errors during upgrade

Post by BooksRUs »

Ran into this issue also. After my Panic Attack that the server wasn't going to work again, I found this article! So thanks for that!

I created the tmp folder, but SLAPD wouldn't start.

Be sure to run /opt/zimbra/libexec/zmfixperms in order to fix the permissions on the new folder(s) that you create!
Post Reply