Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
It produced this output: ** Verifying ‘cert.pem’ against ‘privkey.pem’
Certificate ‘cert.pem’ and private key ‘privkey.pem’ match.
** Verifying ‘cert.pem’ against ‘chain.pem’
ERROR: Unable to validate certificate chain: cert.pem: C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X3
error 2 at 1 depth lookup:unable to get issuer certificate
My web server is (include version): This is a Zimbra mail server 8.7
The operating system my web server runs on is (include version): CentOS 7
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): I have access to my Zimbra admin panel
su zimbra cd /certs#location where pem files are located /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem cp privkey.pem /opt/zimbra/ssl/zimbra/commercial/commercial.pem /opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem
The issue is i am unable to sing chain.pem with the X3 Root CA chain as the link to where the chain use to be is not available anymore. Check link below:
I posted some information on a previous thread about Zimbra:
although I didn't get any feedback from that person as to whether it worked for them... anyway you can find a command to download the Identrust root there, at least.
Thank you so much for the link and the help. You actually saved my life. The command you gave me worked and I was able to get the root chain as you had explained.
Now all is working fine and the ZImbra server is back to normal operation. And also I learned that after the initial lets encrypt installation, the LDAP service does not start, the following commends helped me. For you reference:
I don’t know how you did it (I mean I do, I ran you script manually) but you’ve successfully ended my 2 days of trying to install the certificates in zimbra. I made an account just to thank you!