Zimbra Certificate fails to renew

Hi All

I've been running my own Zimbra server for a few years now on Ubuntu 16.04.4 LTS and run a script to install and update the Let's Encrypt certificate, from GitHub - YetOpen/certbot-zimbra: Automated letsencrypt/certbot certificate request and deploy script for Zimbra hosts

My latest update has failed, although it does seem to have downloaded a new cert, as it says when I rerun the script that the cert is not yet due for renewal. Error below; any advice would be appreciated as I really don't have a clue.

root@mail:/opt/zimbra/ssl/letsencrypt# /scripts/./force-le.sh

checking if mail.port-22.com expires in less than 29 days

certbot-zimbra v0.7.7 - GitHub - YetOpen/certbot-zimbra: Automated letsencrypt/certbot certificate request and deploy script for Zimbra hosts

Checking for dependencies...

Detected Zimbra 8.8.8 on UBUNTU16_64

Using domain mail.port-22.com (as certificate DN)

Preparing certificates for deployment.

Testing with zmcertmgr.

** Verifying '/run/certbot-zimbra/certs-qGX9ITuN/cert.pem' against '/run/certbot-zimbra/certs-qGX9ITuN/privkey.pem'

Certificate '/run/certbot-zimbra/certs-qGX9ITuN/cert.pem' and private key '/run/certbot-zimbra/certs-qGX9ITuN/privkey.pem' match.

** Verifying '/run/certbot-zimbra/certs-qGX9ITuN/cert.pem' against '/run/certbot-zimbra/certs-qGX9ITuN/zimbra_chain.pem'

ERROR: Unable to validate certificate chain: /run/certbot-zimbra/certs-qGX9ITuN/cert.pem: C = US, O = Internet Security Research Group, CN = ISRG Root X1

error 2 at 2 depth lookup:unable to get issuer certificate

An error seems to have occurred. Please read the output above for clues and try to rectify the situation.

If you believe this is an error with the script, please file an issue at GitHub - YetOpen/certbot-zimbra: Automated letsencrypt/certbot certificate request and deploy script for Zimbra hosts.

This is most likely a bug in the Zimbra application; also see "Is this an issue with the script" (Issue #129, YetOpen/certbot-zimbra, GitHub).

It seems that the application cannot handle the new chain. Let's Encrypt has been using a new certificate chain for a few days, and it seems that this is giving Zimbra trouble.
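
`error 2 at 2 depth lookup: unable to get issuer certificate`, as in the log above, is what `openssl verify` reports when the CA bundle ends in a certificate that is not self-signed and that certificate's issuer is missing from the bundle. The script below is an added example, not part of this thread or of certbot-zimbra: it reproduces the message with a constructed throwaway PKI and shows the check passing once the self-signed anchor is in the bundle. The names oldroot, newroot, inter and leaf and all file names are hypothetical; OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI, not real Let's Encrypt certificates.
# oldroot/newroot/inter/leaf and all file names are hypothetical stand-ins.

issue() {                          # args: dir child issuer extfile serial
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -set_serial "$5" -extfile "$1/$4" -days 2 -out "$1/$2.pem" 2>/dev/null
}

build_pki() {                      # $1 = empty working directory
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
  printf 'basicConstraints=critical,CA:TRUE\n'  > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n'          > "$d/leaf.ext"
  for n in oldroot newroot inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
      -subj "/CN=Constructed $n" -keyout "$d/$n.key" -out "$d/$n.csr" \
      2>/dev/null || return 1
  done
  # oldroot is the only self-signed certificate in the hierarchy.
  openssl x509 -req -in "$d/oldroot.csr" -signkey "$d/oldroot.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/oldroot.pem" 2>/dev/null || return 1
  # newroot is cross-signed by oldroot, so it is NOT self-signed.
  issue "$d" newroot oldroot ca.ext   2 &&
  issue "$d" inter   newroot ca.ext   3 &&
  issue "$d" leaf    inter   leaf.ext 4 &&
  # chain_short stops at the cross-signed root; chain_full adds its issuer.
  cat "$d/inter.pem" "$d/newroot.pem" > "$d/chain_short.pem" &&
  cat "$d/chain_short.pem" "$d/oldroot.pem" > "$d/chain_full.pem"
}

check_chain() {                    # $1 = CA bundle, $2 = certificate to verify
  openssl verify -CAfile "$1" "$2" 2>&1
}

main() {
  w=$(mktemp -d) && build_pki "$w" || return 1
  echo "== bundle stops at the cross-signed root =="
  check_chain "$w/chain_short.pem" "$w/leaf.pem" || echo "(verification failed)"
  echo "== bundle also carries the self-signed anchor =="
  check_chain "$w/chain_full.pem" "$w/leaf.pem"
  rm -rf "$w"
}
main
```

Running `openssl x509 -noout -subject -issuer` on each certificate in a real chain file shows whether the last one is self-signed or still points at an issuer the bundle does not contain.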

Thanks. Issue #129 was me, as I thought it may well be an issue with their script that needs revising.
