Hi, can anyone help me?
I use Zimbra Release 8.8.15_GA_3869.RHEL7_64_20190917004220 RHEL7_64 FOSS edition, Patch 8.8.15_P30.
It's time to update the letsencrypt certificate after 90 days, but I have a problem:
su - zimbra -c "zmcertmgr verifycrt comm
> /opt/zimbra/ssl/zimbra/commercial/privkey.pem
> /opt/zimbra/ssl/zimbra/commercial/cert.pem
> /opt/zimbra/ssl/zimbra/commercial/chain.pem"
** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
Certificate '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.
** Verifying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt'
ERROR: Unable to validate certificate chain: CN = mail.mydomane
error 10 at 0 depth lookup: certificate has expired
------------------------------------------------------------------------------------------------
I updated the previous certs, and this one, according to these instructions:
/opt/letsencrypt/letsencrypt-auto renew
cp /etc/letsencrypt/live/mail.mydomain/* /opt/zimbra/ssl/zimbra/commercial/
chown zimbra /opt/zimbra/ssl/zimbra/commercial/*
cd /opt/zimbra/ssl/zimbra/commercial
wget https://letsencrypt.org/certs/isrgrootx1.pem.txt
wget https://letsencrypt.org/certs/letsencry ... x3.pem.txt
echo "-----BEGIN CERTIFICATE-----" > new_chain.pem
openssl x509 -in chain.pem -outform der | base64 -w 64 >> new_chain.pem
echo "-----END CERTIFICATE-----" >> new_chain.pem
mv new_chain.pem chain.pem
cat isrgrootx1.pem.txt >> chain.pem
cat letsencryptauthorityx3.pem.txt >> chain.pem
su - zimbra -c "zmcertmgr verifycrt comm
/opt/zimbra/ssl/zimbra/commercial/privkey.pem
/opt/zimbra/ssl/zimbra/commercial/cert.pem
/opt/zimbra/ssl/zimbra/commercial/chain.pem"
mv privkey.pem commercial.key
su - zimbra -c "zmcertmgr deploycrt comm
/opt/zimbra/ssl/zimbra/commercial/cert.pem
/opt/zimbra/ssl/zimbra/commercial/chain.pem"
su - zimbra -c "zmcontrol restart"
unable to validate letsencrypt certificate
Re: unable to validate letsencrypt certificate
you saved my day - after ten hours of all sorts of errors trying to deploy a valid certificate
(the last one was "error 2 at 2 depth lookup:unable to get issuer certificate")
thank you
anton
- dominix
Re: unable to validate letsencrypt certificate
echo "-----BEGIN CERTIFICATE-----" > new_chain.pem
openssl x509 -in chain.pem -outform der | base64 -w 64 >> new_chain.pem
echo "-----END CERTIFICATE-----" >> new_chain.pem
Why not use this instead:
openssl x509 -in chain.pem -outform pem > new_chain.pem
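Added example, not part of any post in this thread: both re-encoding variants quoted above pass chain.pem through `openssl x509`, which parses only the first certificate in its input, so a quick way to see what a bundle really contains before handing it to zmcertmgr is to split it and print each certificate's subject, issuer and expiry. The function names are hypothetical, and the script assumes only the OpenSSL CLI, awk and mktemp.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Split PEM bundle $1 into one file per certificate inside directory $2.
# `openssl x509` parses only the FIRST certificate in its input, so each
# block has to be handed to it separately.
split_bundle() {
    awk -v d="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%03d.pem", d, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# For every certificate in PEM file $1 print: position, subject, issuer, notAfter.
# With a second argument, print only certificates that expire within $2 seconds
# (0 = already expired, which is what "certificate has expired" reports).
list_bundle() {
    tmp=$(mktemp -d) || return 1
    split_bundle "$1" "$tmp"
    pos=0
    for f in "$tmp"/*.pem; do
        [ -f "$f" ] || continue
        pos=$((pos + 1))
        if [ -n "${2:-}" ] && openssl x509 -in "$f" -noout -checkend "$2" >/dev/null; then
            continue    # still valid past the window, not interesting
        fi
        printf 'cert %d: ' "$pos"
        openssl x509 -in "$f" -noout -subject -issuer -enddate | tr '\n' ' '
        printf '\n'
    done
    rm -rf "$tmp"
}

# Usage: sh check_bundle.sh /path/to/file.pem [seconds]
if [ "$#" -ge 1 ]; then
    list_bundle "$@"
fi
```

Run it on cert.pem and chain.pem alike: reading the issuer of each entry against the subject of the next shows where a chain stops, and the optional second argument narrows the listing to certificates that are expired or about to expire.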