internet:security:ssl_cert_letsencrypt_zimbra

Differences

This shows you the differences between two versions of the page.

internet:security:ssl_cert_letsencrypt_zimbra [2022/01/18 09:42]
gcooper
internet:security:ssl_cert_letsencrypt_zimbra [2022/09/06 12:31]
gcooper
Line 1: Line 1:
 ====== Using LetsEncrypt SSL Certificates with Zimbra ====== ====== Using LetsEncrypt SSL Certificates with Zimbra ======
  
-https://wiki.zimbra.com/wiki/JDunphy-Letsencrypt+See also **[[internet:mail:zimbra:zimbra_ssl#self-signed_certificates|Zimbra Self-Signed SSL Certs]]**
  
-https://github.com/JimDunphy/deploy-zimbra-letsencrypt.sh +**Howto**: https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate
- +
-https://github.com/acmesh-official/acme.sh +
- +
-https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert +
- +
-https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode+
  
 <note warning> <note warning>
 Your Zimbra will be restarted during this process, taking users offline! Your Zimbra will be restarted during this process, taking users offline!
 </note> </note>
- 
-<note warning>When using DNS auth for LetsEncrypt, you cannot automatically renew unless your DNS is hosted by a provider with a supported API.</note> 
  
 <note tip>Be sure to include all Subject Alternative Hostnames (SANs) that you need on the certificate.</note> <note tip>Be sure to include all Subject Alternative Hostnames (SANs) that you need on the certificate.</note>
  
-<note tip>When creating or renewing without a DNS APIyou run an 'issue' command, then ADD records to your DNS, then rerun the 'issue' command with the --renew flag.</note>+<note warning>The single-server portion of the howto is fantastic.  Howeverit only works for the actual hostname and doesn't include any SANs (alternate hostnames) you might need.</note>
  
-===== Install acme.sh =====+===== Troubleshooting =====
  
-<file> +Certbot logs to ''/var/log/letsencrypt/letsencrypt.log''.
-su -  +
-mkdir /opt/zimbra/.acme.sh; chown zimbra:zimbra /opt/zimbra/.acme.sh+
  
-su zimbra +If you have trouble reissuing a new cert, or **if Zimbra won't start**, recreate and deploy a new self-signed cert to get Zimbra 'working' again Then re-implement a LetsEncrypt cert.
-cd /opt/zimbra/.acme.sh +
-wget -O -  https://get.acme.sh | sh +
-</file>+
  
-===== Configure for LetsEncrypt =====+If a cert is expired, you must reissue a new cert.
  
-Set defalt CA to LetsEncrypt+If a certificate renewal fails, try reissuing a new cert instead.
  
-<file> +===== Modifications =====
-su - zimbra +
-cd .acme.sh/ +
-./acme.sh --set-default-ca --preferred-chain "ISRG" --server letsencrypt +
-</file>+
  
-===== Upgrade acme.sh =====+<note tip>**Suppress daily cron e-mail message**...</note>
  
-<file> +<note tip>You **can** modify the script to support **additional SANs**...</note>
-./acme.sh --upgrade +
-</file>+
  
-===== View Deployed Certs ===== +<note tip>Adjust script to **only run if certificate is updated**...</note>
- +
-==== Zimbra ====+
  
 <file> <file>
-/opt/zimbra/bin/zmcertmgr viewdeployedcrt all+#!/bin/bash 
 +
 +# Modification to suppress e-mailed cron job notifications every day 
 +MAILTO="" 
 +
 +# Modification for SAN certificate with multiple hostnames 
 +# This may/will need to be adjusted for hostnames and possibly cert name 
 +# If you followed the howto above using just the actual hostname, it will look like this 
 +/usr/local/sbin/certbot certonly --cert-name zimbra2.yourdomain.tld -d zimbra2.yourdomain.tld -d zimbra.yourdomain.tld --standalone --manual-public-ip-logging-ok -n --preferred-chain  "ISRG Root X1" --agree-tos --register-unsafely-without-email 
 +
 +# Modification to test if cert was changed then exit script 
 +if grep "not yet due for renewal" /var/log/letsencrypt/letsencrypt.log; then 
 +   exit 0 
 +fi 
 +
 +cp "/etc/letsencrypt/live/zimbra.yourdomain.tld/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key 
 +chown zimbra:zimbra /opt/zimbra/ssl/zimbra/commercial/commercial.key 
 +wget -O /tmp/ISRG-X1.pem https://letsencrypt.org/certs/isrgrootx1.pem.txt 
 +rm -f "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem" 
 +cp "/etc/letsencrypt/live/zimbra.yourdomain.tld/chain.pem" "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem" 
 +cat /tmp/ISRG-X1.pem >> "/etc/letsencrypt/live/zimbra3.virtualarchitects.com/chainZimbra.pem" 
 +chown zimbra:zimbra /etc/letsencrypt -R 
 +cd /tmp 
 +su zimbra -c '/opt/zimbra/bin/zmcertmgr deploycrt comm "/etc/letsencrypt/live/zimbra3.virtualarchitects.com/cert.pem" "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"' 
 +rm -f "/etc/letsencrypt/live/zimbra.yourdomain.tld/chainZimbra.pem"
 </file> </file>
- 
-==== acme.sh ==== 
- 
-<file> 
-./acme.sh --list 
-</file> 
- 
-===== Create or Renew Cert ===== 
- 
-Use the ''--renew'' flag for renewals.  This will also deploy the updated cert. 
- 
-<file> 
-acme.sh --issue --dns -d hostname.domain.tld -d san.domain.tld --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew 
-</file> 
- 
-===== Original Cert Deployment ===== 
- 
-<file> 
-acme.sh --deploy --deploy-hook zimbra -d hostname.domain.tld -d san.domain.tld 
-</file> 
- 
-===== Troubleshooting ===== 
- 
-See also **[[internet:mail:zimbra:zimbra_ssl#self-signed_certificates|Zimbra Self-Signed SSL Certs]]** 
- 
-If a cert is expired, you must reissue a new cert. 
- 
-If a certificate renewal fails, try reissuing a new cert instead. 
- 
-If you have trouble reissuing a new cert, recreate and deploy a new self-signed cert to get Zimbra 'working' again.  Then re-implement a LetsEncrypt cert. 
- 
- 
- 
- 
- 
- 
-Old Info 
- 
-https://wiki.zimbra.com/wiki/JDunphy-Letsencrypt 
- 
-https://github.com/acmesh-official/acme.sh 
- 
-https://github.com/acmesh-official/acme.sh/wiki/How-to-issue-a-cert 
- 
-https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode 
- 
- 
-zimbra@zimbra2:~$ acme.sh --issue --dns -d zimbra2.virtualarchitects.com -d zimbra.virtualarchitects.com 
- 
-[Wed Nov 10 20:24:04 MST 2021] It seems that you are using dns manual mode. Read this link first: https://github.com/acmesh-official/acme.sh/wiki/dns-manual-mode 
-zimbra@zimbra2:~$ acme.sh --issue --dns -d zimbra2.virtualarchitects.com -d zimbra.virtualarchitects.com --yes-I-know-dns-manual-mode-enough-go-ahead-please 
-[Wed Nov 10 20:25:27 MST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory 
-[Wed Nov 10 20:25:28 MST 2021] Create account key ok. 
-[Wed Nov 10 20:25:28 MST 2021] Registering account: https://acme-v02.api.letsencrypt.org/directory 
-[Wed Nov 10 20:25:28 MST 2021] Registered 
-[Wed Nov 10 20:25:28 MST 2021] ACCOUNT_THUMBPRINT='5W6wS2ZyBnn-WvlfQU1EUaxVD7ZWsFC91JeXlt4pXJU' 
-[Wed Nov 10 20:25:28 MST 2021] Creating domain key 
-[Wed Nov 10 20:25:28 MST 2021] The domain key is here: /opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.key 
-[Wed Nov 10 20:25:28 MST 2021] Multi domain='DNS:zimbra2.virtualarchitects.com,DNS:zimbra.virtualarchitects.com' 
-[Wed Nov 10 20:25:28 MST 2021] Getting domain auth token for each domain 
-[Wed Nov 10 20:25:29 MST 2021] Getting webroot for domain='zimbra2.virtualarchitects.com' 
-[Wed Nov 10 20:25:30 MST 2021] Getting webroot for domain='zimbra.virtualarchitects.com' 
-[Wed Nov 10 20:25:30 MST 2021] Add the following TXT record: 
-[Wed Nov 10 20:25:30 MST 2021] Domain: '_acme-challenge.zimbra2.virtualarchitects.com' 
-[Wed Nov 10 20:25:30 MST 2021] TXT value: 'jH4x4nro9AlD00jrhOwpkuRXJTptq7WLg02CsgRTt1c' 
-[Wed Nov 10 20:25:30 MST 2021] Please be aware that you prepend _acme-challenge. before your domain 
-[Wed Nov 10 20:25:30 MST 2021] so the resulting subdomain will be: _acme-challenge.zimbra2.virtualarchitects.com 
-[Wed Nov 10 20:25:30 MST 2021] Add the following TXT record: 
-[Wed Nov 10 20:25:30 MST 2021] Domain: '_acme-challenge.zimbra.virtualarchitects.com' 
-[Wed Nov 10 20:25:30 MST 2021] TXT value: 'iz8c7WcRq4XZUYZfyoqRAHONjPmOT2L75c2Iy11o1Uc' 
-[Wed Nov 10 20:25:30 MST 2021] Please be aware that you prepend _acme-challenge. before your domain 
-[Wed Nov 10 20:25:30 MST 2021] so the resulting subdomain will be: _acme-challenge.zimbra.virtualarchitects.com 
-[Wed Nov 10 20:25:30 MST 2021] Please add the TXT records to the domains, and re-run with --renew. 
-[Wed Nov 10 20:25:30 MST 2021] Please add '--debug' or '--log' to check more details. 
-[Wed Nov 10 20:25:30 MST 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh 
-zimbra@zimbra2:~$ acme.sh --issue --dns -d zimbra2.virtualarchitects.com -d zimbra.virtualarchitects.com --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew 
-[Wed Nov 10 20:34:57 MST 2021] Renew: 'zimbra2.virtualarchitects.com' 
-[Wed Nov 10 20:34:57 MST 2021] Using CA: https://acme-v02.api.letsencrypt.org/directory 
-[Wed Nov 10 20:34:57 MST 2021] Multi domain='DNS:zimbra2.virtualarchitects.com,DNS:zimbra.virtualarchitects.com' 
-[Wed Nov 10 20:34:57 MST 2021] Getting domain auth token for each domain 
-[Wed Nov 10 20:34:57 MST 2021] Verifying: zimbra2.virtualarchitects.com 
-[Wed Nov 10 20:34:58 MST 2021] Pending, The CA is processing your order, please just wait. (1/30) 
-[Wed Nov 10 20:35:00 MST 2021] Success 
-[Wed Nov 10 20:35:00 MST 2021] Verifying: zimbra.virtualarchitects.com 
-[Wed Nov 10 20:35:01 MST 2021] Pending, The CA is processing your order, please just wait. (1/30) 
-[Wed Nov 10 20:35:03 MST 2021] Success 
-[Wed Nov 10 20:35:03 MST 2021] Verify finished, start to sign. 
-[Wed Nov 10 20:35:03 MST 2021] Lets finalize the order. 
-[Wed Nov 10 20:35:03 MST 2021] Le_OrderFinalize='https://acme-v02.api.letsencrypt.org/acme/finalize/276008060/38727234670' 
-[Wed Nov 10 20:35:05 MST 2021] Downloading cert. 
-[Wed Nov 10 20:35:05 MST 2021] Le_LinkCert='https://acme-v02.api.letsencrypt.org/acme/cert/04e623499acb07130eae163ae7b85ec739e3' 
-[Wed Nov 10 20:35:05 MST 2021] Try rel: https://acme-v02.api.letsencrypt.org/acme/cert/04e623499acb07130eae163ae7b85ec739e3/1 
-[Wed Nov 10 20:35:05 MST 2021] Matched issuer in: https://acme-v02.api.letsencrypt.org/acme/cert/04e623499acb07130eae163ae7b85ec739e3/1 
-[Wed Nov 10 20:35:05 MST 2021] Cert success. 
------BEGIN CERTIFICATE----- 
-MIIFXjCCBEagAwIBAgISBOYjSZrLBxMOrhY657hexznjMA0GCSqGSIb3DQEBCwUA 
-MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD 
-EwJSMzAeFw0yMTExMTEwMjM1MDRaFw0yMjAyMDkwMjM1MDNaMCgxJjAkBgNVBAMT 
-HXppbWJyYTIudmlydHVhbGFyY2hpdGVjdHMuY29tMIIBIjANBgkqhkiG9w0BAQEF 
-AAOCAQ8AMIIBCgKCAQEAuYahvVpEfTwfdN0ywalrml7oJNhJxUX2IofWi0PikOvs 
-QmuUosN0bLYB4ARLiSZ7hM+Sm7oKqf3/7IX5zpXlYCZBjC6+Zv2zjhyGTCnEDa/f 
-FbWO1GaVhMreBqMiXzoTy9D6fHQrfPVUeDF1bMkNaaJRwIzDLvV76P9mjqePnKX9 
-s5MLjFIEY3R7FbSxgcevm6uJr0cvNL8Bxd+CRWxM3oj7vGhsalcy3Al2aX7Dx+Re 
-G0Icj3Xrxg5Onol87yznT8OhG7rPXBabmgEMmIL6hGokKcDrJ3ZkKtRqHb+Tj8Gj 
-yivtTvuG3HV46SEnwhhByVoewDRffCExU47+auehtQIDAQABo4ICdjCCAnIwDgYD 
-VR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNV 
-HRMBAf8EAjAAMB0GA1UdDgQWBBSFjCrAa7t2+5jG/KHv9R+vR+aXSjAfBgNVHSME 
-GDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYB 
-BQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDov 
-L3IzLmkubGVuY3Iub3JnLzBGBgNVHREEPzA9ghx6aW1icmEudmlydHVhbGFyY2hp 
-dGVjdHMuY29tgh16aW1icmEyLnZpcnR1YWxhcmNoaXRlY3RzLmNvbTBMBgNVHSAE 
-RTBDMAgGBmeBDAECATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRw 
-Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2 
-AEalVet1+pEgMLWiiWn0830RLEF0vv1JuIWr8vxw/m1HAAABfQ0QL5YAAAQDAEcw 
-RQIgCKpqWqmK9RFe1FgrLZfNt3hcvz0nIRmMTcV9GeFtHesCIQDYeWP7Zu7jKYEu 
-rx3LV8ZsxM3slRUJiRDKdr/MSvqgCgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEA 
-KQaNsgiaN9kTAAABfQ0QMYwAAAQDAEcwRQIgBj9euaJoExyL0PhAHltebzXKfiEK 
-HPFb02vJkxSFV4wCIQD31pTo6/2jkjbY6Eh7UhfZeFAYmXVZ//xIefuVcz9+sTAN 
-BgkqhkiG9w0BAQsFAAOCAQEAT/KcOSzu3KwDbXHezkrlc7zZWxH3gS2FVWcKao57 
-4W7DnvNT6d7qUoCL8sZicfSNFgGBaHt4dzIZuvYCOhiO+eDTVUUzfPHViPuogX8F 
-hk41Abd5ND3N9Ep2tPiefT1YE1f5fjuMQy7RsNmQtSk07ODUR/hvlWJ/T7aRbMj6 
-rGOTqjXy/xkABMSdOR/1tm7ZvOESr7rjbbknlmir7MW+zbno0MK44DViOLDuKTPF 
-mEqyUPR+yxADn1nOPUS5xpaVXN0jbaF2dXWjrzjE0NMWGa1EkXLwFImz8D106LzH 
-3ug4SC/Puyf1tr3j0NNHK5s4LBqjatlebz16E3k6P2lXlw== 
------END CERTIFICATE----- 
-[Wed Nov 10 20:35:05 MST 2021] Your cert is in: /opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer 
-[Wed Nov 10 20:35:05 MST 2021] Your cert key is in: /opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.key 
-[Wed Nov 10 20:35:05 MST 2021] The intermediate CA cert is in: /opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/ca.cer 
-[Wed Nov 10 20:35:05 MST 2021] And the full chain certs is there: /opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/fullchain.cer 
-zimbra@zimbra2:~$ 
- 
- 
- 
-acme.sh --deploy --deploy-hook zimbra -d zimbra2.virtualarchitects.com -d zimbra.virtualarchitects.com 
- 
-zimbra@zimbra2:~$ acme.sh --deploy --deploy-hook zimbra -d zimbra2.virtualarchitects.com -d zimbra.virtualarchitects.com 
-** Verifying '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer' against '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.key' 
-Certificate '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer' and private key '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.key' match. 
-** Verifying '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer' against '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/ca.cer.real' 
-Valid certificate chain: /opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer: OK 
-** Verifying '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' 
-Certificate '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. 
-** Verifying '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer' against '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/ca.cer.real' 
-Valid certificate chain: /opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer: OK 
-** Copying '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/zimbra2.virtualarchitects.com.cer' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' 
-** Copying '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/ca.cer.real' to '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' 
-** Appending ca chain '/opt/zimbra/.acme.sh/zimbra2.virtualarchitects.com/ca.cer.real' to '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' 
-** Importing cert '/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' as 'zcs-user-commercial_ca' into cacerts '/opt/zimbra/common/lib/jvm/java/lib/security/cacerts' 
-** NOTE: restart mailboxd to use the imported certificate. 
-** Saving config key 'zimbraSSLCertificate' via zmprov modifyServer zimbra2.virtualarchitects.com...ok 
-** Saving config key 'zimbraSSLPrivateKey' via zmprov modifyServer zimbra2.virtualarchitects.com...ok 
-** Installing imapd certificate '/opt/zimbra/conf/imapd.crt' and key '/opt/zimbra/conf/imapd.key' 
-** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/imapd.crt' 
-** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/imapd.key' 
-** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' 
-** Creating keystore '/opt/zimbra/conf/imapd.keystore' 
-** Installing ldap certificate '/opt/zimbra/conf/slapd.crt' and key '/opt/zimbra/conf/slapd.key' 
-** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/slapd.crt' 
-** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/slapd.key' 
-** Creating file '/opt/zimbra/ssl/zimbra/jetty.pkcs12' 
-** Creating keystore '/opt/zimbra/mailboxd/etc/keystore' 
-** Installing mta certificate '/opt/zimbra/conf/smtpd.crt' and key '/opt/zimbra/conf/smtpd.key' 
-** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/smtpd.crt' 
-** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/smtpd.key' 
-** Installing proxy certificate '/opt/zimbra/conf/nginx.crt' and key '/opt/zimbra/conf/nginx.key' 
-** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.crt' to '/opt/zimbra/conf/nginx.crt' 
-** Copying '/opt/zimbra/ssl/zimbra/commercial/commercial.key' to '/opt/zimbra/conf/nginx.key' 
-** NOTE: restart services to use the new certificates. 
-** Cleaning up 9 files from '/opt/zimbra/conf/ca' 
-** Removing /opt/zimbra/conf/ca/d65ba5bf.0 
-** Removing /opt/zimbra/conf/ca/8d33f237.0 
-** Removing /opt/zimbra/conf/ca/commercial_ca_1.crt 
-** Removing /opt/zimbra/conf/ca/2e5ac55d.0 
-** Removing /opt/zimbra/conf/ca/4042bcee.0 
-** Removing /opt/zimbra/conf/ca/commercial_ca_3.crt 
-** Removing /opt/zimbra/conf/ca/ca.pem 
-** Removing /opt/zimbra/conf/ca/ca.key 
-** Removing /opt/zimbra/conf/ca/commercial_ca_2.crt 
-** Copying CA to /opt/zimbra/conf/ca 
-** Copying '/opt/zimbra/ssl/zimbra/ca/ca.key' to '/opt/zimbra/conf/ca/ca.key' 
-** Copying '/opt/zimbra/ssl/zimbra/ca/ca.pem' to '/opt/zimbra/conf/ca/ca.pem' 
-** Creating CA hash symlink 'd65ba5bf.0' -> 'ca.pem' 
-** Creating /opt/zimbra/conf/ca/commercial_ca_1.crt 
-** Creating CA hash symlink 'b88a82fc.0' -> 'commercial_ca_1.crt' 
-** Creating /opt/zimbra/conf/ca/commercial_ca_2.crt 
-** Creating CA hash symlink '8d33f237.0' -> 'commercial_ca_2.crt' 
-** Creating /opt/zimbra/conf/ca/commercial_ca_3.crt 
-** Creating CA hash symlink '4042bcee.0' -> 'commercial_ca_3.crt' 
-Host zimbra2.virtualarchitects.com 
- Stopping zmconfigd...Done. 
- Stopping zimlet webapp...Done. 
- Stopping zimbraAdmin webapp...Done. 
- Stopping zimbra webapp...Done. 
- Stopping service webapp...Done. 
- Stopping stats...Done. 
- Stopping mta...Done. 
- Stopping spell...Done. 
- Stopping snmp...Done. 
- Stopping cbpolicyd...Done. 
- Stopping archiving...Done. 
- Stopping opendkim...Done. 
- Stopping amavis...Done. 
- Stopping antivirus...Done. 
- Stopping antispam...Done. 
- Stopping proxy...Done. 
- Stopping memcached...Done. 
- Stopping mailbox...Done. 
- Stopping logger...Done. 
- Stopping dnscache...Done. 
- Stopping ldap...Done. 
-Host zimbra2.virtualarchitects.com 
- Starting ldap...Done. 
- Starting zmconfigd...Done. 
- Starting dnscache...Done. 
- Starting logger...Done. 
- Starting mailbox...Done. 
- Starting memcached...Done. 
- Starting proxy...Done. 
- Starting amavis...Done. 
- Starting antispam...Done. 
- Starting antivirus...Done. 
- Starting opendkim...Done. 
- Starting snmp...Done. 
- Starting spell...Done. 
- Starting mta...Done. 
- Starting stats...Done. 
- Starting service webapp...Done. 
- Starting zimbra webapp...Done. 
- Starting zimbraAdmin webapp...Done. 
- Starting zimlet webapp...Done. 
-[Wed Nov 10 20:48:31 MST 2021] Success
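
Review bot: The added deploy script reads from three different certbot lineage directories, so the key, certificate and chain handed to zmcertmgr do not come from the same place: the certbot line uses `--cert-name zimbra2.yourdomain.tld`, the `cp` of `privkey.pem` and `chain.pem` uses `live/zimbra.yourdomain.tld/`, and the `cat /tmp/ISRG-X1.pem >>` line and the `cert.pem` argument to `deploycrt` still point at `live/zimbra3.virtualarchitects.com/`. As written, the ISRG root is appended to a `chainZimbra.pem` other than the one passed to `deploycrt`. Define the lineage name once in a variable and build every `/etc/letsencrypt/live/...` path from it, which also takes the real hostname out of the example. Two smaller points in the same script: `MAILTO=""` is a crontab setting that cron does not read from inside the script it runs, so it belongs in the crontab (or redirect the script's output); and `chown zimbra:zimbra /etc/letsencrypt -R` gives the zimbra account ownership of the ACME account key and every private key under that tree when it only needs to read the cert and chain being deployed, so copy those two files to a zimbra-owned directory instead.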