Difference between revisions of "Zimbra tls certificates"

From UVOO Tech Wiki
Jump to navigation Jump to search
(Created page with "Include on certbot ``` --preferred-chain "ISRG Root X1" --force-renewal ``` ``` wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt cat /tmp/ISRG-X1.pe...")
 
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
Include on certbot
+
## Error
 
```
 
```
--preferred-chain "ISRG Root X1" --force-renewal
+
        Starting ldap...Done.
 +
Unable to start TLS: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed when connecting to ldap master.
 
```
 
```
  
 +
Include on certbot might be needed
 +
- https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate
 +
```
 +
--preferred-chain "ISRG Root X1" --force-renewal
 
```
 
```
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
 
cat /tmp/ISRG-X1.pem >> /opt/zimbra/ssl/zimbra/commercial/chain.pem
 
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ss
 
l/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem
 
  
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/cert.pem /opt/zimbra/ssl/zimbra/commercial/chain.pem
+
- commercial.crt
 
+
- commercial.key
zmcontrol restart
+
- commerical.chain.pem
 +
- Not sure if you can use full chain
  
 +
```
 +
#!/bin/bash
 +
set -eu
 +
cp * /opt/zimbra/ssl/zimbra/commercial/
 +
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
 +
cat /tmp/ISRG-X1.pem >> /opt/zimbra/ssl/zimbra/commercial/commercial.chain.pem
 +
sudo -H -u zimbra bash -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial.chain.pem"
 +
sudo -H -u zimbra bash -c "cd /opt/zimbra && /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial.chain.pem"
 +
sudo -H -u zimbra bash -c "/opt/zimbra/bin/zmcontrol restart"
 
```
 
```

Latest revision as of 04:18, 24 December 2024

Error

        Starting ldap...Done.
Unable to start TLS: SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed when connecting to ldap master.

Include on certbot might be needed - https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate 

--preferred-chain "ISRG Root X1" --force-renewal
  • commercial.crt
  • commercial.key
  • commerical.chain.pem
  • Not sure if you can use full chain
#!/bin/bash
set -eu
cp * /opt/zimbra/ssl/zimbra/commercial/
wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt
cat /tmp/ISRG-X1.pem >> /opt/zimbra/ssl/zimbra/commercial/commercial.chain.pem
sudo -H -u zimbra bash -c "/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial.chain.pem"
sudo -H -u zimbra bash -c "cd /opt/zimbra && /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.crt /opt/zimbra/ssl/zimbra/commercial/commercial.chain.pem"
sudo -H -u zimbra bash -c "/opt/zimbra/bin/zmcontrol restart"
Retrieved from "https://tech.uvoo.io/index.php?title=Zimbra_tls_certificates&oldid=5428"