I have two Zimbra servers both with automated renewal scripts set up. They are identical in function but one works and one does not.
Server that works:
Ubuntu 18.04
Certbot 1.30.0
Server that doesn't:
CentOS 8
Certbot 1.9.0
I am unable to run any yum commands on the CentOS 8 box due to the discontinuation of support and the live repos and I have not attempted to fix that yet. I don't know if this is a Certbot version issue or not, but here is what is happening:
I run the command: certbot renew --preferred-chain "ISRG Root X1"
on BOTH servers and it gets the renewal certs and places them in the /etc/live// directory.
On the one that is working, my chain.pem file contains only ONE cert (not sure which one, just that it has only one).
On the one that is not working my chain.pem file contains TWO certs.
Part of deploying my certificate with Zimbra is concatenating the root certificate onto the end of the chain file and then running Zimbra's deploy command. If I do that as-is, the deploy fails, but if I delete the SECOND certificate in the chain file before adding the root certificate to it, then it will deploy successfully.
So the million dollar question is why does one server get only a single cert in chain.pem while the other gets two when running the same renewal command on BOTH?
Rich
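
Added example, not part of the original post: a Python sketch for comparing what each server's chain.pem actually holds and for reproducing the manual step described above (keep the first certificate, append the root once). The PEM blocks are constructed stand-ins rather than real certificates, and the function names and the `keep` parameter are hypothetical.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def split_pem(bundle):
    """Return the DER bytes of every CERTIFICATE block, in file order."""
    return [base64.b64decode("".join(m.split())) for m in PEM_RE.findall(bundle)]

def fingerprints(bundle):
    """SHA-256 of each certificate's DER, comparable between the two servers."""
    return [hashlib.sha256(der).hexdigest() for der in split_pem(bundle)]

def to_pem(der):
    """Re-encode DER bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def build_ca_bundle(chain, root, keep=1):
    """Keep the first `keep` certs of chain.pem, then append the root exactly once."""
    roots = split_pem(root)
    if len(roots) != 1:
        raise ValueError("root file must hold exactly one certificate")
    kept = [der for der in split_pem(chain)[:keep] if der != roots[0]]
    return "".join(to_pem(der) for der in kept + roots)

# Constructed stand-ins: arbitrary bytes wrapped as PEM, not real certificates.
INTERMEDIATE = to_pem(b"constructed-intermediate" * 4)
SECOND_CERT = to_pem(b"constructed-second-cert" * 4)
ROOT = to_pem(b"constructed-root" * 4)

if __name__ == "__main__":
    chain_two = INTERMEDIATE + SECOND_CERT  # shape of the two-cert chain.pem
    print(len(split_pem(chain_two)), "certificates in chain.pem")
    for fp in fingerprints(build_ca_bundle(chain_two, ROOT)):
        print(fp)
```

On a real host, read chain.pem and the root file into strings and compare the `fingerprints()` output from both servers to see which certificate is the extra one.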