Can't validate cert in Zimbra

My domain is:

I ran this command (Zimbra specific) :
zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem

It produced this output:
*** Verifying 'cert.pem' against 'privkey.pem'*
Certificate 'cert.pem' and private key 'privkey.pem' match.
*** Verifying 'cert.pem' against 'chain.pem'*
ERROR: Unable to validate certificate chain: C = US, O = Internet Security Research Group, CN = ISRG Root X1
error 2 at 2 depth lookup: unable to get issuer certificate
error cert.pem: verification failed

My web server is (include version): It is not a single webserver it is a Zimbra installation up to date and the cert is used for many connections.

The operating system my web server runs on is : Ubuntu 16.04

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is : certbot 0.31.0

It is not the first time I renew a certificate, my cert in the number 15 in the /etc/letsencrypt/archive :
-rw-r--r-- 1 root root 1704 déc. 12 12:37 privkey15.pem
-rw-r--r-- 1 root root 5616 déc. 12 12:37 fullchain15.pem
-rw-r--r-- 1 root root 3750 déc. 12 12:37 chain15.pem
-rw-r--r-- 1 root root 1866 déc. 12 12:37 cert15.pem

I have some other certificates renewed on november 11 with no problem, they are used with an apache server.

I try many times with no success ....



1 Like

Please update ca-certificates
apt update && apt install ca-certificates



I have done it with no success, I,even, copy all certificates from
another machine with no success.
Could it be a problem with the SSL libs or something like ?


JP Pozzi

Have a look at their recommendation:
Installing a LetsEncrypt SSL Certificate - Zimbra :: Tech Center

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.