Renew SSL sussesfull but check ssl is not update

thevan · December 23, 2017, 2:02am

Hi all,

I using Zimbra as mail server. My domain is: mail.diamondbaycondotelresort.vn.

I ran this command: ./letsencrypt-auto certonly --standalone --renew-by-default -d mail.diamondbaycondotelresort.vn

The logs report sussesfull:

2017-12-22 13:19:45,351:DEBUG:certbot.storage:Writing new config /etc/letsencrypt/renewal/mail.diamondbaycondotelresort.vn.conf.new.
2017-12-22 13:19:45,355:DEBUG:certbot.reporter:Reporting to user: Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mail.diamondbaycondotelresort.vn/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mail.diamondbaycondotelresort.vn/privkey.pem
Your cert will expire on 2018-03-22. To obtain a new or tweaked version of this certificate in the future, simply run letsencrypt-auto again. To non-interactively renew all of your certificates, run “letsencrypt-auto renew”

But i use sslchecker (sslshopper.com) is not update, my ssl still expire

What happen

jared.m · December 23, 2017, 2:29am

Certbot with the certonly option will renew the certificate, but it won’t apply it. You’ll need to follow the procedure for applying the new certificate to your server. Usually this simply requires reloading its configuration, assuming the renewed cert is in the same location as the old one (with Certbot, it ill be in most cases.)

Once you determine which command reloads your server, you can accomplish this automatically upon renewal by using the --renewal-hook or --post-hook flags.

rg305 · December 23, 2017, 7:24am

Installing a certificate in a Zimbra mail server is not a simple process.
As you have managed to do so and also renewed it…

Maybe you could share your findings and the procedure that worked for you - for others that may encounter a similar difficulty.

thevan · December 23, 2017, 8:44am

Thanks Jared,

I try using the -renewal-hook, --post-hook but not working. I’ll try another way.

thevan · December 23, 2017, 8:57am

Hi rg305,

My way:

zmproxyctl stop
zmmailboxdctl stop
./letsencrypt-auto certonly --standalone --renew-by-default -d mail.diamondbaycondotelresort.vn
Open file chain.pem
- If your chain.pem have 02 certificated >>> Pass it >>> Close
- If your chain.pem have 01 certificated >>> add more once >>> https://www.identrust.com/certificates/trustid/root-download-x3.htm
/opt/zimbra/bin/zmcertmgr verifycrt comm privkey.pem cert.pem chain.pem (as zimbra user)
/opt/zimbra/bin/zmcertmgr deploycrt comm cert.pem chain.pem

Another way, I call this way Clear-All ^^

remove folder /etc/letsencrypt/live/your domain/
remove all certificated /opt/zimbra/ssl/letsencrypt/
User this guide https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate >>> we’ll start over

system · January 22, 2018, 8:57am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate renewal -- Nginx? Zimbra? Help	4	801	June 3, 2023
Zimbra Certificate fails to renew Help	3	1301	June 10, 2021
Zimbra renewal - Problems with R3 Help	55	15510	December 10, 2021
Zimbra SSL update	2	4404	March 4, 2016
Unable to renew Help	11	789	March 2, 2019

Renew SSL sussesfull but check ssl is not update

Related topics