certbot-zimbra
certbot-zimbra copied to clipboard
YetOpen
Verifying cert.pem zimbra_chain.pem error
I have the latest 0.7.12 version, but when I try to get a certificate I get the same error all the time: [root@mail ~]# certbot_zimbra.sh --new --prompt-confirm certbot-zimbra v0.7.12 - https://github.com/YetOpen/certbot-zimbra Checking for dependencies... Detected Zimbra 9.0.0 on UNKNOWN_64 Using zmhostname to detect domain. Using domain mail.mydomain.ru (as certificate DN) Is this correct? y Detecting additional public service hostnames... Found 0 zimbraPublicServiceHostnames through auto-detection Checking zimbra-proxy is running and enabled Detecting port from zimbraMailProxyPort Checking if process is listening on port 80 with name "nginx" user "zimbra" Nginx templates already patched. Nginx includes already patched, skipping zmproxy restart. Detecting certbot version... certbot 1.22.0 We will now run certbot to request the certificate. Proceed? y Running /usr/bin/certbot certonly --webroot -w /opt/zimbra/data/nginx/html --cert-name mail.mydomain.ru -d mail.mydomain.ru Saving debug log to /var/log/letsencrypt/letsencrypt.log Requesting a certificate for mail.mydomain.ru
Successfully received certificate. Certificate is saved at: /etc/letsencrypt/live/mail.mydomain.ru-0009/fullchain.pem Key is saved at: /etc/letsencrypt/live/mail.mydomain.ru-0009/privkey.pem This certificate expires on 2022-08-12. These files will be updated when the certificate renews. Certbot has set up a scheduled task to automatically renew this certificate in the background.
If you like Certbot, please consider supporting our work by:
- Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
- Donating to EFF: https://eff.org/donate-le
Preparing certificates for deployment. Testing with zmcertmgr. ** Verifying '/run/certbot-zimbra/certs-C230hAvq/cert.pem' against '/run/certbot-zimbra/certs-C230hAvq/privkey.pem' Certificate '/run/certbot-zimbra/certs-C230hAvq/cert.pem' and private key '/run/certbot-zimbra/certs-C230hAvq/privkey.pem' match. ** Verifying '/run/certbot-zimbra/certs-C230hAvq/cert.pem' against '/run/certbot-zimbra/certs-C230hAvq/zimbra_chain.pem' ERROR: Unable to validate certificate chain: CN = mail.mydomain.ru error 10 at 0 depth lookup: certificate has expired error /run/certbot-zimbra/certs-C230hAvq/cert.pem: verification failed
An error seems to have occurred. Please read the output above for clues and try to rectify the situation. If you believe this is an error with the script, please file an issue at https://github.com/YetOpen/certbot-zimbra.
