Hi everyone, I'm having a problem renewing a Let's Encrypt certificate on a Zimbra server:
the certbot renew command worked fine, returning the renewal to me, but the Zimbra server still does not see the renewed certificate, only the expired one; in a guide that I am following, at the command /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem I get the error:
root@zimbra:~# /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
zmcertmgr: ERROR: no longer runs as root!
root@zimbra:~# su zimbra
zimbra@zimbra:/root$ /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem
** Verifying 'cert.pem' against 'privkey.pem'
ERROR: Can't read file 'privkey.pem'
ERROR: Can't read file 'cert.pem'
What can I check to correct this error? Thank you all for your availability.
It seems you were trying to run the command zimbra@zimbra:/root$ which doesn't work of course. Probably a copy/paste error from the line above the su command.
Zimbra is a very... unique beast.
You will need to leave the original files untouched so that the ACME client can proceed with future renewals unaffected.
So you must copy the needed files to another location.
Then chown them to the zimbra user.
Run all zmcertmgr commands as zimbra user referencing only the file copies (not their originals).
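The copy-then-chown steps above as a small shell function (an added example, not part of the original thread and not Zimbra's or certbot's own tooling). The function name stage_certs is hypothetical, /opt/cert is the folder chosen later in this thread, and the live/ path in the comments assumes certbot's standard directory layout.

```sh
#!/bin/sh
# Added example: stage copies of the Let's Encrypt files for zmcertmgr while
# leaving the originals (and their ownership) untouched for future renewals.
#
# Usage (assumed paths):
#   as root:   stage_certs /etc/letsencrypt/live/zimbra.adm-srl.it /opt/cert zimbra:zimbra
#   as zimbra: cd /opt/cert && /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem

# stage_certs SRC_DIR DEST_DIR [OWNER]   (hypothetical helper name)
stage_certs() {
    src=$1; dest=$2; owner=${3:-}

    # Fail early if any of the three files zmcertmgr needs is unreadable.
    for f in privkey.pem cert.pem chain.pem; do
        [ -r "$src/$f" ] || { echo "cannot read $src/$f" >&2; return 1; }
    done

    old_umask=$(umask)
    umask 077                      # nothing is group/world readable, even briefly
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }
    chmod 700 "$dest"

    for f in privkey.pem cert.pem chain.pem; do
        # Remove any stale copy or copied symlink first, so cp never writes
        # through a link back into /etc/letsencrypt.
        rm -f "$dest/$f"
        # -L dereferences the symlink: the copy is a regular file with the
        # current certificate's contents, not another link.
        cp -L "$src/$f" "$dest/$f" || { umask "$old_umask"; return 1; }
        chmod 600 "$dest/$f"
    done
    umask "$old_umask"

    # Ownership is changed on the copies only (requires root).
    if [ -n "$owner" ]; then
        chown -R "$owner" "$dest" || return 1
    fi
}
```

Re-run the function after every renewal; the copies are regular files and do not follow the renewed certificate on their own.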
Thanks rg for the answer, I have also seen other threads where you have solved several problems with Zimbra .. we hope you can give me a hand on this problem too :D
Having said that, in the folder /etc/letsencrypt/archive/zimbra.adm-srl.it I have various certificates numbered with the number of renewals carried out; the new ones are only the ones numbered 3. In this case, do I copy ONLY the ones numbered 3 and put them in a new folder, giving it zimbra permissions via chown? Then the next command will be /opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem but how can I tell it to "check" the files copied to the new folder just created?
If it helps, I changed the permissions on the "links" of cert, chain, fullchain and privkey with the command chown -R zimbra:zimbra.
This way I noticed that the error has changed (I believe that for some strange reason, Zimbra wants the connections to have the privileges of the zimbra user as well). I post the new error:
Ok, the files to be copied will be the files with the 3 at the end anyway? Let's say I create a folder under /opt = /opt/cert
the command will be:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/cert/privkey3.pem cert3.pem chain3.pem
Ok, I created a new folder /opt/cert and copied the links chain.pem, cert.pem and privkey.pem from /etc/letsencrypt/archive/zimbra.adm-srl.it to /opt/cert
I gave zimbra permissions with the command chown -R /opt/cert/*
I redid the command correctly, but an error always comes out:
@vettalex
Making progress.
Now the O/S needs to be updated to know about the root cert "ISRG Root X1".
Try:
sudo apt update
sudo apt-get update
sudo apt install ca-certificates