Hello,
I m trying to install a Letsencrypt certificate on my brand new Ubuntu 20.04 server and it does not work, the certificate is refusee with a message :
ERROR: Unable to validate certificate chain: C = US, O = Internet Security Research Group, CN = ISRG Root X1
error 2 at 2 depth lookup: unable to get issuer certificate
error cert.pem: verification failed
On my old system (16.04) the certificates were installed without any problem ... until the last one.
The ISRG certificate seems to be OK :
ISRG_Root_X1.pem -> /usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt
Any help will be welcome
Letsencrypt Cert refused
Re: Letsencrypt Cert refused
Hello,
My problem is always there, even if I upgrade my system to Ubuntu 20.04 LTS and use the last certbot version :
certbot --version
certbot 1.26.0
The problem is always there when I try to verify the cert :
zmcertmgr verifycrt self privkey.pem cert.pem chain.pem
** Verifying 'cert.pem' against 'privkey.pem'
Certificate 'cert.pem' and private key 'privkey.pem' match.
** Verifying 'cert.pem' against 'fullchain.pem'
ERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R3
error 2 at 1 depth lookup: unable to get issuer certificate
error cert.pem: verification failed
I try with "fullchain.pem" instead of "chain.pem", the result is always the same,
I try to copy the "ISRG_Root_X1.pem" to "/opt/zimbra/ssl/letsencrypt" with the same error !
Please help.
PS : I use letsencrypt certs since years and never had a problem, I was with Ubuntu 16.04 and
I upgrade to 20.04 in 2021/08 just before the "september certficate problem" and I have not
succeeded in upgrading the certificate since october.
My problem is always there, even if I upgrade my system to Ubuntu 20.04 LTS and use the last certbot version :
certbot --version
certbot 1.26.0
The problem is always there when I try to verify the cert :
zmcertmgr verifycrt self privkey.pem cert.pem chain.pem
** Verifying 'cert.pem' against 'privkey.pem'
Certificate 'cert.pem' and private key 'privkey.pem' match.
** Verifying 'cert.pem' against 'fullchain.pem'
ERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R3
error 2 at 1 depth lookup: unable to get issuer certificate
error cert.pem: verification failed
I try with "fullchain.pem" instead of "chain.pem", the result is always the same,
I try to copy the "ISRG_Root_X1.pem" to "/opt/zimbra/ssl/letsencrypt" with the same error !
Please help.
PS : I use letsencrypt certs since years and never had a problem, I was with Ubuntu 16.04 and
I upgrade to 20.04 in 2021/08 just before the "september certficate problem" and I have not
succeeded in upgrading the certificate since october.
Re: Letsencrypt Cert refused
It is done, all is OK now, it was only a bad character in the hostname !
But messages are not very clear :
But messages are not very clear :
- barrydegraaff
- Zimbra Employee
- Posts: 242
- Joined: Tue Jun 17, 2014 3:31 am
- Contact:
Re: Letsencrypt Cert refused
For everyone else having issues with Let's Encrypt please follow the step-by-step guide at https://wiki.zimbra.com/wiki/Installing ... ertificate
--
Barry de Graaff
Email: barry.degraaff [at] synacor [dot] com
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/ and the
Zimlet Gallery https://gallery.zetalliance.org/extend/
Barry de Graaff
Email: barry.degraaff [at] synacor [dot] com
Admin of Zimbra-Community Github: https://github.com/orgs/Zimbra-Community/ and the
Zimlet Gallery https://gallery.zetalliance.org/extend/
Re: Letsencrypt Cert refused
I've been using this script https://github.com/VojtechMyslivec/letsencrypt-zimbra for years now, the only time it failed was when the older root certificate expired last year and got replaced with ISRG Root X1. It automates the whole thing, the setup is simple and it's robust.