certbot-zimbra
certbot-zimbra copied to clipboard
YetOpen
Deploy: keytool error: java.io.FileNotFoundException file not found error
When doing a -d it gives the following error after zimbra patch upgrade (8.8.15);
** Appending ca chain '/run/certbot-zimbra/certs-UYVR3kp8/zimbra_chain.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' ** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts' ERROR: cacerts keytool(-import -alias zcs-user-commercial_ca -noprompt -file /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt) returned non-zero(1): Certificate was added to keystore keytool error: java.io.FileNotFoundException: /opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts (No such file or directory)
An error seems to have occurred. Please read the output above for clues and try to rectify the situation. If you believe this is an error with the script, please file an issue at https://github.com/YetOpen/certbot-zimbra.
Ugly solution:
root@:# cd /opt/zimbra/common/lib/jvm/java/ root@:/opt/zimbra/common/lib/jvm/java# ln -s /opt/zimbra/common/lib/jvm/java jre root@:/opt/zimbra/common/lib/jvm/java# ls /opt/zimbra/common/lib/jvm/java/jre/lib/security/ blocked.certs cacerts default.policy public_suffix_list.dat
root@:/opt/zimbra/common/lib/jvm/java# /usr/local/bin/certbot_zimbra.sh -d Checking for dependencies... Detected Zimbra 8.8.15 on UBUNTU18_64 Using zmhostname to detect domain. Using domain (as certificate DN) Preparing certificates for deployment. Testing with zmcertmgr. ** Verifying '/run/certbot-zimbra/certs-PKtMUXsq/cert.pem' against '/run/certbot-zimbra/certs-PKtMUXsq/privkey.pem' Certificate '/run/certbot-zimbra/certs-PKtMUXsq/cert.pem' and private key '/run/certbot-zimbra/certs-PKtMUXsq/privkey.pem' match. ** Verifying '/run/certbot-zimbra/certs-PKtMUXsq/cert.pem' against '/run/certbot-zimbra/certs-PKtMUXsq/zimbra_chain.pem' Valid certificate chain: /run/certbot-zimbra/certs-PKtMUXsq/cert.pem: OK Deploying certificates. ** Verifying '/run/certbot-zimbra/certs-PKtMUXsq/cert.pem' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Certificate '/run/certbot-zimbra/certs-PKtMUXsq/cert.pem' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. ** Verifying '/run/certbot-zimbra/certs-PKtMUXsq/cert.pem' against '/run/certbot-zimbra/certs-PKtMUXsq/zimbra_chain.pem' Valid certificate chain: /run/certbot-zimbra/certs-PKtMUXsq/cert.pem: OK ** Copying '/run/certbot-zimbra/certs-PKtMUXsq/cert.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' ** Copying '/run/certbot-zimbra/certs-PKtMUXsq/zimbra_chain.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' ** Appending ca chain '/run/certbot-zimbra/certs-PKtMUXsq/zimbra_chain.pem' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' ** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/jre/lib/security/cacerts' ** NOTE: restart mailboxd to use the imported certificate. ** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer ...ok ** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer ...ok
The script doesn't access files in common/, at first sight this looks like a Zimbra bug to me...
Zimbra issue. Try searching on the Zimbra forums or their Github. (I think their bugzilla is still abandoned so don't try there). Maybe /opt/zimbra/libexec/zmfixperms
