Problem with Zimbra

My domain is: mail.jppozzi.dyndns.org
I get the new certificate (number 14 in etc/letsencrypt/archive/mail.jppozzi.dyndns.org), all went OK.
When I want to have Zimbra verify the files I get an error while verifying all the files with the command :
zmcertmgr verifycrt comm privkey.pem cert.pem fullchain.pem
The result is some weird messages :

** Verifying 'cert.pem' against 'privkey.pem'
Certificate 'cert.pem' and private key 'privkey.pem' match.
** Verifying 'cert.pem' against 'fullchain.pem'
ERROR: Unable to validate certificate chain: C = US, O = Internet Security Research Group, CN = ISRG Root X1
error 2 at 2 depth lookup: unable to get issuer certificate
error cert.pem: verification failed

I test also with chain.pem instead of fullchain.pem with the same results ...
It is the first time I have a problem with the certificates ...
What is the solution ...

Regards

1 Like

zimbra needs nonstandard format for certificate chain:
certbot chain.pem + whatever root certificate it requests. (not sure it need to be system's trust store into too)

3 Likes

Please review their recommendation:
Installing a LetsEncrypt SSL Certificate - Zimbra :: Tech Center

3 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.