VojtechMyslivec / letsencrypt-zimbra

Files to automate the deployment process of Let's Encrypt certificates to Zimbra Collaboration Suite
GNU General Public License v3.0

not working on Zimbra 8.8.12 #58

Closed Blisk closed 5 years ago

Blisk commented 5 years ago

I ran this script today with no errors, but when I go to Zimbra webmail I still get a message that it is an untrusted certificate. I see that the certificate was created. How do I fix this?

VojtechMyslivec commented 5 years ago

Hi, what exact command did you execute? What is the issue with the cert on your Zimbra web interface?

Vojtech

Blisk commented 5 years ago

I did this:

sudo -Hiu zimbra /opt/letsencrypt-zimbra/obtain-and-deploy-letsencrypt-cert.sh -v

Certificates are still untrusted. Let's Encrypt Authority X3 Let's Encrypt

I have also installed Apache and I have changed the port for webmail and proxy.

Where does the script store certificates?

VojtechMyslivec commented 5 years ago

Hello, if you have some custom reverse proxy in front of Zimbra's internal one, you must handle it yourself. This script takes care of Zimbra's services like the "internal" nginx proxy.

Try to check the admin web interface on port 7071 (https://my.mail.server.org:7071/), and the smtps and imaps protocols (through some mail client, e.g. Thunderbird, or openssl s_client ...).

About your custom web proxy, I would recommend you look at the documentation of the official certbot, as the letsencrypt-zimbra script uses this tool as well.

Update:

> Certificates are still untrusted. Let's Encrypt Authority X3 Let's Encrypt

I don't understand this information. So your browser reports that a Let's Encrypt certificate is used and it is not trusted? It seems a) you are accessing the web via a domain name which is not inside the certificate (probably missing in letsencrypt-zimbra.cfg), b) you use a really old browser and/or OS, or c) you run some restricted environment where the Let's Encrypt root CA is not trusted.

> Where does the script store certificates?

They are stored in /tmp during the process; however, they are installed to Zimbra's store, which is somewhere like /opt/zimbra/ssl/zimbra/commercial/.
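
The checks suggested in the reply above, as an added example that is not part of the thread or of the letsencrypt-zimbra project: it connects to each TLS service, verifies the chain against the local trust store (cause c), then checks the requested name against the certificate's DNS names (cause a) and reports the issuer. The host name, the 465/993 port numbers, the sample certificate and all function names are assumptions made for illustration; wildcard matching goes beyond the single-name case discussed in the thread.

```python
import socket
import ssl

# Services named in the reply; 465/993 are the standard SMTPS/IMAPS ports (assumed).
ZIMBRA_TLS_PORTS = {"admin": 7071, "smtps": 465, "imaps": 993}

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "issuer": ((("organizationName", "Let's Encrypt"),),
               (("commonName", "Let's Encrypt Authority X3"),)),
    "subjectAltName": (("DNS", "mail.example.org"), ("DNS", "*.webmail.example.org")),
}

def issuer_cn(cert):
    """Common name of the issuing CA, or None if absent."""
    return next((v for rdn in cert.get("issuer", ()) for k, v in rdn if k == "commonName"), None)

def name_matches(hostname, pattern):
    """A wildcard covers exactly one left-most label (RFC 6125)."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if pat.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pat[2:]
    return host == pat

def diagnose(cert, hostname):
    """Cause (a) from the reply: is hostname among the certificate's DNS names?"""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if any(name_matches(hostname, n) for n in names):
        return f"ok (issuer: {issuer_cn(cert)})"
    return f"name mismatch: {hostname} not in {names} (issuer: {issuer_cn(cert)})"

def check_endpoint(host, port, timeout=5.0):
    """Verify the chain with the local trust store, then check names ourselves."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified (CERT_REQUIRED)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return diagnose(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:  # cause (c): untrusted root/chain
        return f"chain not trusted: {exc.verify_message}"
    except OSError as exc:
        return f"connection failed: {exc}"

if __name__ == "__main__":
    host = "mail.example.org"  # placeholder: the name users type into the browser
    for service, port in ZIMBRA_TLS_PORTS.items():
        print(f"{service:6} {port:5} {check_endpoint(host, port)}")
```

Run it from a machine with the same trust store as the affected clients, and against the port users actually reach; with a custom proxy in front of Zimbra that port may serve a different certificate than the one the script deployed.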

uckons commented 5 years ago

Hi, I'm trying to run your script but I'm always getting an error:

Failed authorization procedure. mail.expamplesecurities.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.expamplesecurities.com/.well-known/acme-challenge/TIfjXFNoekEPpqQ7DtpIGRXN3lPKqLICmNOqQUL0rK8: Connection refused, mail.expamplesecurities.co.id (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.expamplesecurities.co.id/.well-known/acme-challenge/3N484dTxz1JNPpyOeaEdj2hYGK9Q56IhYLpv0RPHqbQ: Connection refused, mail.expample.id (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.expample.id/.well-known/acme-challenge/l1N_icAeNlNp0IRRUslv9GTOqq4ukoCe_LmOlUGCv88: Connection refused, mail.expamplesekuritas.com (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.expamplesekuritas.com/.well-known/acme-challenge/d3RpFSAF4YnQjKixR4RHLo0Z-pD_PNlpA2ByIq-RsXY: Connection refused, mail.expample.co.id (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.expample.co.id/.well-known/acme-challenge/YZWmwV5XkEZKNDxBQ5e9r5J8HiAGSk1sNuwEEQxX4Yg: Connection refused, mail.expamplesekuritas.co.id (http-01): urn:ietf:params:acme:error:connection :: The server could not connect to the client to verify the domain :: Fetching http://mail.expamplesekuritas.co.id/.well-known/acme-challenge/srOkkjxBy4O9qboCOGhH1lqmyA6BgF4cEZZqbGjs6fk: Connection refused

I'm using Zimbra 8.8.12 with Ubuntu 14.04.

VojtechMyslivec commented 5 years ago

Hi @uckons, I have moved your question to a separate issue as it seems to be a different problem.

VojtechMyslivec commented 5 years ago

The original author is not interested anymore and it seems not to be an issue with the script.