I´m new on this sorry about my question... I need to install letsencrypt in Ubuntu 18.04.6 LTS for Zimbra 8.8.15... I´m doing this several times and get the same error about the certificate is out of date 30/09/2021... how can I get the new (binaries) of the installation that takes new certificates and not the oldones????
Thanks for your patience on answer me!!!
Your issues are likely related to one or more of:
- The android chain solution
- Out-of-date OpenSSL, and/or Certbot installations
You need to do two things if you haven't already:
- Upgrade OpenSSL on your system to the latest version
- Install Certbot from snapd (Certbot - Ubuntubionic Other)
By default, LetsEncrypt serves an expired chain to support old Android devices that do not check for expiry dates. Many other software/platforms will ignore the expired chain, and automatically build their own trust path to the current certificates.
An upgrade to OpenSSL was released this summer and backported to older operating systems, to enable the behavior of automatically building alternate trust chains.
If upgrading that software does not work, then you may have a compatibility issue in Zimbra or something else. If that is the case, you can use the
--preferred-chain PREFERRED_CHAIN command in Certbot to specify the "new" chain, which goes directly to the ISRG root -- however this will not be compatible with older devices*.
*The end-certificates are actually the same, so you can download the new chain from Chain of Trust - Let's Encrypt and specify that in your config files to test.
You can also add a third item:
- Make sure your
ca-certificates package is up to date, i.e. a version from 2016 or later.
Hi @jvanasco many thanks for your prompt reply...
I have this version of openssl: OpenSSL 1.1.1l FIPS 24 Aug 2021. I will try again the installation... I will let you know!!!
Thanks a lot!!!
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.