Zimbra + "ISRG Root X1"

I'm trying to renew our email server certificates, while doing that, I noticed the steps have been updated. Following the new steps, where we should --force-renewal --preferred-chain "ISRG Root X1", I had problems in the first verification: /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/ commercial.key /etc/letsencrypt/live/mydomain/cert.pem /etc/letsencrypt/live/mydomain/chain.pem

I ask for help please. I'm working on our production server.

Hi @algyadamo and welcome to the LE community forum :slight_smile:

It seems your server may not have the latest ca-certificates installed.
Please do:
sudo apt-get update
sudo apt update

Then show the output of:
sudo apt install ca-certificates openssl

You need to update the script to copy the cert files to another location where zimbra user can have access to them. [do not modify the original cert files]

1 Like

Thanks for your reply @rg305 .
I'm sorry I was trying several other options before seeing your answer unfortunately. Now I think my situation has gotten worse

What would be the solution for me now? :frowning_face: :expressionless:

1 Like

letsencrypt-auto is very old and has been deprecated.
[Too old to understand the parameter "--preferred-chain".]

And yes, the situation has not gotten any better: You now have issued too many certs in the past 7 days.

@rg305 So what can I do now? :cry:

Affliction gripped me, and I didn't realize there were limits on renewing certificates.
Look, this is our production server.

@algyadamo
Have you read my last post?

Yes. Are you referring to this post?
Should I try again without "--preferred-chain"?

This part of it:

Thank you @rg305 I found my mistake:

my chain.pem had three keys, I removed one and everything was fine.

1 Like