Been running my own Zimbra server for a few years now on Ubuntu 16.04.4 LTS and run a script to install and update the lets encrypt certificate from GitHub - YetOpen/certbot-zimbra: Automated letsencrypt/certbot certificate request and deploy script for Zimbra hosts
My latest update has failed although it does seem to have downloaded a new cert as says when I rerun the script that Cert not yet due for renewal. Error below, any advise would be appreciated as I really don't have a clue
checking if mail.port-22.com expires in less than 29 days
Checking for dependencies...
Detected Zimbra 8.8.8 on UBUNTU16_64
Using domain mail.port-22.com (as certificate DN)
Preparing certificates for deployment.
Testing with zmcertmgr.
** Verifying '/run/certbot-zimbra/certs-qGX9ITuN/cert.pem' against '/run/certbot-zimbra/certs-qGX9ITuN/privkey.pem'
Certificate '/run/certbot-zimbra/certs-qGX9ITuN/cert.pem' and private key '/run/certbot-zimbra/certs-qGX9ITuN/privkey.pem' match.
** Verifying '/run/certbot-zimbra/certs-qGX9ITuN/cert.pem' against '/run/certbot-zimbra/certs-qGX9ITuN/zimbra_chain.pem'
ERROR: Unable to validate certificate chain: /run/certbot-zimbra/certs-qGX9ITuN/cert.pem: C = US, O = Internet Security Research Group, CN = ISRG Root X1
error 2 at 2 depth lookup:unable to get issuer certificate
An error seems to have occurred. Please read the output above for clues and try to rectify the situation.
If you believe this is an error with the script, please file an issue at GitHub - YetOpen/certbot-zimbra: Automated letsencrypt/certbot certificate request and deploy script for Zimbra hosts.