Unable to locally verify the issuer's authority


#1

Please fill out the fields below so we can help you better.

My domain is:mail.juggernaut.ursolutions.ph
I ran this command: wget https://xmpp.juggernaut.ursolutions.ph
It produced this output: ERROR: cannot verify xmpp.juggernaut.ursolutions.ph’s certificate, issued by ‘/C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3’:
Unable to locally verify the issuer’s authority.
My operating system is (include version): CentOS 7
My web server is (include version): Zimbra 8.7
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

We are doing a PoC of Zimbra Talk, this requires two separate nodes. The Mail server is a Zimbra server on a CentOS machine, and the Talk server is on Ubuntu 14

I installed the LE cert on the Talk server, and a StartSSL cert on the Zimbra as I was having issues implementing LE on the Zimbra server.

Zimbra Support asked us to initiate the wget command above. Further reading says that I have to install intermediate certificates on the Zimbra side? How do I install it if I am using a StartSSL cert?


#2

You’ll have to serve the certificate chain: either use and cert.pem and chain.pem, or use fullchain.pem as the certificate. This depends on the software used.


#3

Judging by the description in

https://wiki.zimbra.com/wiki/How_to_install_Zimbra_Talk_using_a_LetsEncrypt_SSL_Certificate

You should use fullchain.pem with this software, if you have chosen cert.pem you will need to update the Zimbra configuration to replace cert.pem with fullchain.pem


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.