problema zimbra certificado caducado ldap no levanta
Posted: Fri Sep 14, 2018 5:04 pm
Saludos amigos tengo un servidor zimbra donde tenia instalado un certificado letscript, este certificado caduco lo renové y a partir de esto zimbra no se levanta tenia varios errores que los he ido arreglando pero ahora tengo uno que no levanta, pensé que era problema del certificado letscrpt generé un auto firmado pero aún así no levanta, el mensaje de erros que tengo es este
Connect: Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.
He revisado las zonas el archivo /etc/host el hostname y esta todo bien paso a detallar lo que realice
Paso 1
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr createca -new
** Creating directory '/opt/zimbra/ssl/zimbra'
** Creating directory '/opt/zimbra/ssl/zimbra/ca'
** Creating directory '/opt/zimbra/ssl/zimbra/commercial'
** Creating directory '/opt/zimbra/ssl/zimbra/server'
** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'
** Touching file '/opt/zimbra/ssl/.rnd'
** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf
** Retrieving CA private key from LDAP... failed
** Creating CA with new private key /opt/zimbra/ssl/zimbra/ca/ca.key
Generating a 2048 bit RSA private key
Paso 2
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20180910143551
** Recreating /opt/zimbra/conf/zmssl.cnf
** Generating a server CSR of type 'self' for download
** Using CA cert in '/opt/zimbra/ssl/zimbra/ca/ca.pem'
** Using CA private key in '/opt/zimbra/ssl/zimbra/ca/ca.key'
** Retrieving Commercial CA cert from LDAP... failed
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr with keysize=2048 digest=sha256
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.domain.com...failed (rc=1)
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr
Paso 3
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.domain.com...failed (rc=1)
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/73cb7729.0
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink '73cb7729.0' -> 'ca.pem'
Paso 4
zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deployca
** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=1)
Paso 5
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr viewdeployedcrt
- ldap: /opt/zimbra/conf/slapd.crt
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
- mta: /opt/zimbra/conf/smtpd.crt
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
- proxy: /opt/zimbra/conf/nginx.crt
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
Paso 6
[zimbra@mail ~]$ zmcontrol start
Host mail.domain.com
Connect: Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.
[zimbra@mail ~]$
Agradezco a todos quienes puedan guiarme cual puede ser el problema ya que he pasado 4 día intentando de todo y no logro resolver este problema
Connect: Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.
He revisado las zonas el archivo /etc/host el hostname y esta todo bien paso a detallar lo que realice
Paso 1
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr createca -new
** Creating directory '/opt/zimbra/ssl/zimbra'
** Creating directory '/opt/zimbra/ssl/zimbra/ca'
** Creating directory '/opt/zimbra/ssl/zimbra/commercial'
** Creating directory '/opt/zimbra/ssl/zimbra/server'
** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'
** Touching file '/opt/zimbra/ssl/.rnd'
** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf
** Retrieving CA private key from LDAP... failed
** Creating CA with new private key /opt/zimbra/ssl/zimbra/ca/ca.key
Generating a 2048 bit RSA private key
Paso 2
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr createcrt -new -days 365
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20180910143551
** Recreating /opt/zimbra/conf/zmssl.cnf
** Generating a server CSR of type 'self' for download
** Using CA cert in '/opt/zimbra/ssl/zimbra/ca/ca.pem'
** Using CA private key in '/opt/zimbra/ssl/zimbra/ca/ca.key'
** Retrieving Commercial CA cert from LDAP... failed
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr with keysize=2048 digest=sha256
** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer mail.domain.com...failed (rc=1)
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr
Paso 3
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deploycrt self
** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer mail.domain.com...failed (rc=1)
** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/slapd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/slapd.key'
** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12'
** Creating keystore '/opt/zimbra/mailboxd/etc/keystore'
** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/smtpd.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/smtpd.key'
** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key'
** Copying '/opt/zimbra/ssl/zimbra/server/server.crt' to '/opt/zimbra/conf/nginx.crt'
** Copying '/opt/zimbra/ssl/zimbra/server/server.key' to '/opt/zimbra/conf/nginx.key'
** NOTE: restart services to use the new certificates.
** Cleaning up 3 files from '/opt/zimbra/conf/ca'
** Removing /opt/zimbra/conf/ca/ca.key
** Removing /opt/zimbra/conf/ca/ca.pem
** Removing /opt/zimbra/conf/ca/73cb7729.0
** Copying CA to /opt/zimbra/conf/ca
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key'
** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem'
** Creating CA hash symlink '73cb7729.0' -> 'ca.pem'
Paso 4
zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr deployca
** Saving config key 'zimbraCertAuthorityCertSelfSigned' via zmprov modifyConfig...failed (rc=1)
Paso 5
[zimbra@mail ~]$ /opt/zimbra/bin/zmcertmgr viewdeployedcrt
- ldap: /opt/zimbra/conf/slapd.crt
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
- mta: /opt/zimbra/conf/smtpd.crt
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
- proxy: /opt/zimbra/conf/nginx.crt
notBefore=Sep 10 19:35:53 2018 GMT
notAfter=Sep 10 19:35:53 2019 GMT
subject= /OU=Zimbra Collaboration Server/CN=mail.domain.com
issuer= /O=CA/OU=Zimbra Collaboration Server/CN=mail.domain.com
SubjectAltName=mail.domain.com
Paso 6
[zimbra@mail ~]$ zmcontrol start
Host mail.domain.com
Connect: Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn't exist.
[zimbra@mail ~]$
Agradezco a todos quienes puedan guiarme cual puede ser el problema ya que he pasado 4 día intentando de todo y no logro resolver este problema