Verifying cert.pem zimbra_chain.pem error
SubZero77 opened this issue · 2 comments
I have the latest 0.7.12 version, but when I try to get a certificate I get the same error all the time:
[root@mail ~]# certbot_zimbra.sh --new --prompt-confirm
certbot-zimbra v0.7.12 - https://github.com/YetOpen/certbot-zimbra
Checking for dependencies...
Detected Zimbra 9.0.0 on UNKNOWN_64
Using zmhostname to detect domain.
Using domain mail.mydomain.ru (as certificate DN)
Is this correct? y
Detecting additional public service hostnames... Found 0 zimbraPublicServiceHostnames through auto-detection
Checking zimbra-proxy is running and enabled
Detecting port from zimbraMailProxyPort
Checking if process is listening on port 80 with name "nginx" user "zimbra"
Nginx templates already patched.
Nginx includes already patched, skipping zmproxy restart.
Detecting certbot version...
certbot 1.22.0
We will now run certbot to request the certificate. Proceed? y
Running /usr/bin/certbot certonly --webroot -w /opt/zimbra/data/nginx/html --cert-name mail.mydomain.ru -d mail.mydomain.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mail.mydomain.ru
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mail.mydomain.ru-0009/fullchain.pem
Key is saved at: /etc/letsencrypt/live/mail.mydomain.ru-0009/privkey.pem
This certificate expires on 2022-08-12.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
If you like Certbot, please consider supporting our work by:
- Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
- Donating to EFF: https://eff.org/donate-le
Preparing certificates for deployment.
Testing with zmcertmgr.
** Verifying '/run/certbot-zimbra/certs-C230hAvq/cert.pem' against '/run/certbot-zimbra/certs-C230hAvq/privkey.pem'
Certificate '/run/certbot-zimbra/certs-C230hAvq/cert.pem' and private key '/run/certbot-zimbra/certs-C230hAvq/privkey.pem' match.
** Verifying '/run/certbot-zimbra/certs-C230hAvq/cert.pem' against '/run/certbot-zimbra/certs-C230hAvq/zimbra_chain.pem'
ERROR: Unable to validate certificate chain: CN = mail.mydomain.ru
error 10 at 0 depth lookup: certificate has expired
error /run/certbot-zimbra/certs-C230hAvq/cert.pem: verification failed
An error seems to have occurred. Please read the output above for clues and try to rectify the situation.
If you believe this is an error with the script, please file an issue at https://github.com/YetOpen/certbot-zimbra.
same