I'm trying to renew our email server certificates, while doing that, I noticed the steps have been updated. Following the new steps, where we should --force-renewal --preferred-chain "ISRG Root X1", I had problems in the first verification: /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/ commercial.key /etc/letsencrypt/live/mydomain/cert.pem /etc/letsencrypt/live/mydomain/chain.pem
Hi @algyadamo and welcome to the LE community forum
It seems your server may not have the latest ca-certificates installed.
Please do: sudo apt-get update sudo apt update
Then show the output of: sudo apt install ca-certificates openssl
You need to update the script to copy the cert files to another location where zimbra user can have access to them. [do not modify the original cert files]
Thanks for your reply @rg305 .
I'm sorry I was trying several other options before seeing your answer unfortunately. Now I think my situation has gotten worse