Zimbra + "ISRG Root X1"

I'm trying to renew our email server certificates. While doing that, I noticed the steps have been updated. Following the new steps, where we should --force-renewal --preferred-chain "ISRG Root X1", I had problems in the first verification:
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /etc/letsencrypt/live/mydomain/cert.pem /etc/letsencrypt/live/mydomain/chain.pem

I ask for help please. I'm working on our production server.

Hi @algyadamo and welcome to the LE community forum :slight_smile:

It seems your server may not have the latest ca-certificates installed.
Please do:
sudo apt-get update
sudo apt update

Then show the output of:
sudo apt install ca-certificates openssl

You need to update the script to copy the cert files to another location where the zimbra user can have access to them. [Do not modify the original cert files.]

2 Likes

Thanks for your reply @rg305.
I'm sorry, I was trying several other options before seeing your answer, unfortunately. Now I think my situation has gotten worse.

What would be the solution for me now? :frowning_face: :expressionless:

1 Like

letsencrypt-auto is very old and has been deprecated.
[Too old to understand the parameter "--preferred-chain".]

And yes, the situation has not gotten any better: You now have issued too many certs in the past 7 days.

1 Like

@rg305 So what can I do now? :cry:

Affliction gripped me, and I didn't realize there were limits on renewing certificates.
Look, this is our production server.

@algyadamo
Have you read my last post?

Yes. Are you referring to this post?
Should I try again without "--preferred-chain"?

This part of it:

1 Like

Thank you @rg305 I found my mistake:

My chain.pem had three keys; I removed one and everything was fine.

1 Like
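An added example, not part of the thread or of any Zimbra or certbot tooling: a shell sketch that counts the PEM blocks in chain.pem and copies cert.pem and chain.pem to a staging directory without touching the originals, as the replies above advise. The function names, the staging directory and the expected certificate count are assumptions supplied by the operator; the thread does not state what the count should be in general.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and paths are hypothetical.

# Print "<index>:<label>:<body lines>" for each PEM block in file $1.
# Exits non-zero when BEGIN/END markers are unbalanced (truncated or hand-edited file).
pem_blocks() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (open) { bad = 1; exit }
            open = 1; n++; body = 0
            label = $0; sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
            next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (!open) { bad = 1; exit }
            open = 0; print n ":" label ":" body
            next
        }
        open { body++ }
        END { if (open || bad) exit 1 }
    ' "$1"
}

# Print how many blocks in file $1 are labelled exactly CERTIFICATE.
cert_count() {
    blocks=$(pem_blocks "$1") || return 1
    printf '%s\n' "$blocks" | grep -c ':CERTIFICATE:' || true
}

# Copy cert.pem and chain.pem from certbot live dir $1 to staging dir $2 (cp -L
# dereferences the symlinks; originals are untouched). Refuses to stage when the
# chain does not hold exactly $3 certificates, the count the operator expects.
stage_certs() {
    src=$1; dst=$2; expected=$3
    n=$(cert_count "$src/chain.pem") || { echo "chain.pem: unreadable or malformed PEM" >&2; return 2; }
    if [ "$n" -ne "$expected" ]; then
        echo "chain.pem: $n certificates, expected $expected" >&2
        return 3
    fi
    mkdir -p "$dst" && chmod 750 "$dst" || return 1
    for f in cert.pem chain.pem; do
        cp -L "$src/$f" "$dst/$f" && chmod 640 "$dst/$f" || return 1
    done
}
```

Giving the zimbra user ownership of the staged copies (for example with chown) is left to the caller, since it needs root and depends on the local setup.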
