Zimbra tls certificates

From UVOO Tech Wiki

Error

        Starting ldap...Done.
Unable to start TLS: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed when connecting to ldap master.

The following options might need to be included on the certbot command line (see https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate):

--preferred-chain "ISRG Root X1" --force-renewal

Files expected in the current directory:
  • commercial.crt
  • commercial.key
  • commercial.chain.pem
  • Not sure if you can use the full chain
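
#!/bin/bash
# Run with root privileges from the directory that holds commercial.crt,
# commercial.key and commercial.chain.pem.
set -eu
cp * /opt/zimbra/ssl/zimbra/commercial/
# zmcertmgr runs as the zimbra user, so that user must be able to read the key.
chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key
chmod 640 /opt/zimbra/ssl/zimbra/commercial/commercial.key
# Append the ISRG Root X1 certificate to the chain file.
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
cat /tmp/ISRG-X1.pem >> /opt/zimbra/ssl/zimbra/commercial/commercial.chain.pem
# Verify key, certificate and chain, then deploy and restart Zimbra.
sudo -H -u zimbra bash -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial.chain.pem"
sudo -H -u zimbra bash -c "cd /opt/zimbra && /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial.chain.pem"
sudo -H -u zimbra bash -c "/opt/zimbra/bin/zmcontrol restart"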
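
A pre-flight check of the three files with plain openssl, showing why the chain file needs the root appended: verification against the chain alone fails when the root is missing. This is an added example, not part of the original page or of Zimbra's tooling; the function names are hypothetical and it assumes OpenSSL 1.1.0 or newer.

```shell
#!/bin/bash
# Added example, not from the original page or from Zimbra. Function names are
# hypothetical. Assumes OpenSSL 1.1.0 or newer (for -no-CApath).

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() {
    local key_pub crt_pub
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Succeeds only if the certificate verifies against the chain file alone.
# -no-CApath keeps the system CA directory out of the decision, so a chain file
# without the root certificate fails here rather than passing by accident.
chain_verifies() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# Number of certificates in a PEM bundle.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Usage: preflight KEY CRT CHAIN
# Returns 0 if ready to deploy, 1 key mismatch, 2 chain failure, 3 expiring.
preflight() {
    local key="$1" crt="$2" chain="$3"
    key_matches_cert "$key" "$crt" ||
        { echo "FAIL: $key does not match $crt"; return 1; }
    chain_verifies "$crt" "$chain" ||
        { echo "FAIL: $crt does not verify against $chain (root missing?)"; return 2; }
    # 604800 seconds = 7 days
    openssl x509 -in "$crt" -noout -checkend 604800 >/dev/null ||
        { echo "FAIL: $crt expires within 7 days"; return 3; }
    echo "OK: key matches, chain of $(count_certs "$chain") certificate(s) verifies"
}

# Run the check when called with the three file paths as arguments.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

Run it with the paths to commercial.key, commercial.crt and commercial.chain.pem after the root has been appended and before zmcertmgr deploycrt.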