So upgrading from 5.0.1 to 5.0.10 wiped my commercial certs.
I reissued the CSR using All Servers and got new certs from godaddy. I have tried EVERYTHING and nothing is working. I have read all the treads about using ALL servers (which I am) and using different combinations of certs that godaddy sends you (I have) and I still get the error
Your certificate was not installed due to the error : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_comm.key) pair.
I have read that people tried the command line method, but I have too and most of them are for 4.x versions. PLEASE HELP IF YOU CAN:eek:
Commercial certificate woes
-
- Outstanding Member
- Posts: 993
- Joined: Fri Sep 12, 2014 10:41 pm
Commercial certificate woes
I know you say you've tried everything, but in my experience (and I have been on this forum for a little while) the search engine rarely helps me find just that part of "everything" that I'm actually looking for, even if I'm the one who wrote it. . .. . .so please don't take this as condescending which I'm not trying to be!
But have you tried the steps I described here? Admittedly this was on an earlier 5.x.x release but it worked for me and seems to have worked for some others, and I did see the same error you have described before I did it exactly this way.
Do let us know in as much excruciating detail as possible if you still have problems. . .
But have you tried the steps I described here? Admittedly this was on an earlier 5.x.x release but it worked for me and seems to have worked for some others, and I did see the same error you have described before I did it exactly this way.
Do let us know in as much excruciating detail as possible if you still have problems. . .
Commercial certificate woes
I have tried that and several command line ones. Even the command line ones give the same error.
Commercial certificate woes
Let's make sure there aren't any extra or old files in the way. Please post the output of "ls -laR ~/ssl/". Are you working with zmcertmgr? Run "sudo zmcertmgr -h" for some sample commands.
BTW do you not have any backups of the old keystore and cert files? Check in /opt/zimbra/.saveconfig/
BTW do you not have any backups of the old keystore and cert files? Check in /opt/zimbra/.saveconfig/
Commercial certificate woes
Here is the output. I am sure there are no old files hanging around
[root@metric ssl]# ls -laR *
zimbra:
total 40
drwxr----- 5 root root 4096 Oct 3 12:04 .
drwxr-xr-x 3 zimbra zimbra 4096 Oct 3 12:04 ..
drwxr----- 3 root root 4096 Oct 3 12:04 ca
drwxr----- 2 root root 4096 Oct 3 12:04 commercial
drwxr----- 2 root root 4096 Oct 3 12:04 server
zimbra/ca:
total 72
drwxr----- 3 root root 4096 Oct 3 12:04 .
drwxr----- 5 root root 4096 Oct 3 12:04 ..
-rw-r----- 1 root root 708 Oct 3 12:04 ca.csr
-rw------- 1 zimbra root 887 Oct 3 12:04 ca.key
-rw-r--r-- 1 zimbra root 871 Oct 3 12:04 ca.pem
-rw-r--r-- 1 root root 11 Oct 3 12:04 ca.srl
-rwxr----- 1 root root 0 Oct 3 12:04 index.txt
drwxr----- 2 root root 4096 Oct 3 12:04 newcerts
-rw-r----- 1 zimbra zimbra 7677 Oct 3 12:04 zmssl.cnf
zimbra/ca/newcerts:
total 16
drwxr----- 2 root root 4096 Oct 3 12:04 .
drwxr----- 3 root root 4096 Oct 3 12:04 ..
zimbra/commercial:
total 32
drwxr----- 2 root root 4096 Oct 3 12:04 .
drwxr----- 5 root root 4096 Oct 3 12:04 ..
-rw-r--r-- 1 root root 708 Oct 3 12:04 commercial.csr
-rw-r--r-- 1 root root 891 Oct 3 12:04 commercial.key
zimbra/server:
total 16
drwxr----- 2 root root 4096 Oct 3 12:04 .
drwxr----- 5 root root 4096 Oct 3 12:04 ..
And yes I have used zmcertmgr and know how to work with it. It gives the same error.
[root@metric ssl]# ls -laR *
zimbra:
total 40
drwxr----- 5 root root 4096 Oct 3 12:04 .
drwxr-xr-x 3 zimbra zimbra 4096 Oct 3 12:04 ..
drwxr----- 3 root root 4096 Oct 3 12:04 ca
drwxr----- 2 root root 4096 Oct 3 12:04 commercial
drwxr----- 2 root root 4096 Oct 3 12:04 server
zimbra/ca:
total 72
drwxr----- 3 root root 4096 Oct 3 12:04 .
drwxr----- 5 root root 4096 Oct 3 12:04 ..
-rw-r----- 1 root root 708 Oct 3 12:04 ca.csr
-rw------- 1 zimbra root 887 Oct 3 12:04 ca.key
-rw-r--r-- 1 zimbra root 871 Oct 3 12:04 ca.pem
-rw-r--r-- 1 root root 11 Oct 3 12:04 ca.srl
-rwxr----- 1 root root 0 Oct 3 12:04 index.txt
drwxr----- 2 root root 4096 Oct 3 12:04 newcerts
-rw-r----- 1 zimbra zimbra 7677 Oct 3 12:04 zmssl.cnf
zimbra/ca/newcerts:
total 16
drwxr----- 2 root root 4096 Oct 3 12:04 .
drwxr----- 3 root root 4096 Oct 3 12:04 ..
zimbra/commercial:
total 32
drwxr----- 2 root root 4096 Oct 3 12:04 .
drwxr----- 5 root root 4096 Oct 3 12:04 ..
-rw-r--r-- 1 root root 708 Oct 3 12:04 commercial.csr
-rw-r--r-- 1 root root 891 Oct 3 12:04 commercial.key
zimbra/server:
total 16
drwxr----- 2 root root 4096 Oct 3 12:04 .
drwxr----- 5 root root 4096 Oct 3 12:04 ..
And yes I have used zmcertmgr and know how to work with it. It gives the same error.