Results 1 to 6 of 6

Thread: Https access problem help needed please....

  1. #1
    Join Date
    Mar 2008
    Posts
    21
    Rep Power
    7

    Default Https access problem help needed please....

    I am a newbie to Linux and Zimbra I have had Ubuntu server 7.10 running for around 2 months and working perfectly with Zimbra 5.0.1 until I shutdown my machine off at the weekend. I turned it back on and did not get any errors on the boot up screen but I could not access any https based interfaces all I get is an error from firefox saying that that the site uses a security protocol which isn't enabled and from IE I just get a page cannot be displayed error. If I change webmail to use http it works but I still have the same issue and errors when trying to access the admin page.
    It is as if the SSL/https part has failed in some way I have tryied to reinstall Zimbra, no error or conflicts are shown and it reinstalled fine but the error/issue is still there. I have looked in the zimbra logs and the only thing I have found that appears to be odd as it only started yesterday after I restarted the PC and I had this problem is in the httpd_error log where I have 6 copies of this error

    [Tue Mar 25 20:52:16 2008] [notice] caught SIGTERM, shutting down
    [Tue Mar 25 20:55:29 2008] [notice] Apache/2.2.6 (Unix) PHP/5.2.2 configured -- resuming normal operations

    Not sure if the above error is anything to do with it or not?

    Is there any other logs that I should be looking in?

    Any help would be greatly appreciated....

  2. #2
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Wiki is your friend and should always be consulted Log Files - Zimbra :: Wiki

  3. #3
    Join Date
    Mar 2008
    Posts
    21
    Rep Power
    7

    Default

    My Zimbra https woes continue….
    I rechecked the log files and other than the (possible) errors in my original post cannot find anything that looks out of the ordinary. So I did some more forum searching and found this post
    http://www.zimbra.com/forums/install...ga-failed.html

    This appears to be the same problem I am having as I did try to update the cert with a alt name and got the Jetty error via the web admin page cert manager but everything worked fine afterwards until I rebooted so some changes must have happened which caused the problem (is there a bug in the web admin cert manager?)

    Anyway I followed the instruction on the above post but every time I got an error for jetty as shown in the post as the cert was being configure with a UK request but the key was US and did not match. I deleted the files as described but just could not get it to work.

    So I found this SSL Certificate Problems - Zimbra :: Wiki and thought take them out and rebuild completely I followed the instructions but when I try to “zmcertmgr createca –new” I get the error that the ca.csr cannot be found. I copied the ca.csr from the backup but again still get the same error. So I am assuming that ca.csr is corrupt either from the original web admin cert manager change or from copying it to the backup directory.

    I have searched the web again to try and find how to create a ca.csr and looked at the help output from the zmcertmgr script but can’t seem to find a way to do it?

    I thought that as I had removed everything as per the first part of the wiki entry I would try reinstalling (via an upgrade) 5.0.1 this worked and the script output said creating SSL certs but the same error on all https connection occur….. argh!!!!!

    So my thinking now and where I could do with some advice and help from any Zimbra guru’s out there is:

    1) Does anybody know how to create the ca.csr file so I can finish the wiki page instructions? Alternatively is there any other way I could just blat the existing certs and install fresh self signed certs in to everywhere they need to be….? If anybody could reply with the commands I need or forum entries that I may have missed, which explains this it would be appreciated.
    2) Download and try to upgrade to 5.0.4 and see if the version change flushes out the issues? Not hopeful on this one though but may be worth a try!!!!!
    3) Rename the zimbra dir do a fresh installation and manually set-up the server again to avoid copying the issue back in to the new install, then somehow copy the mail/calendar stuff from the old to the new install. Re the copy process I have found a number of posts about doing this on the open source version that I am using and think that I need to copy the “store and index” directories from what I have read, is this about right? Do I need to do anything else as some of them say that I need to re-run the installers but other don’t? Again if anybody could reply with the commands I need or forum entries that I may have missed, which explains this it would be greatly appreciated.

    To be honest any help is appreciated here and thanks in advance for any help anybody can give as I am learning quite a lot but I am “pushing the envelope of my knowledge” here…..

  4. #4
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

  5. #5
    Join Date
    Dec 2007
    Posts
    50
    Rep Power
    7

    Default

    Does these instruction work with install Certs on 4.0.5? I tried to install a cert using the admin interface with no luck?

    How are Certs handled in a multi-server configuration?

  6. #6
    Join Date
    Mar 2008
    Posts
    21
    Rep Power
    7

    Default

    OK I have managed to fix this but not with the links above as I still ended up with the problem of still not having a ca.csr file to gererate the cert.

    However as thank for your help and hopefully to possibly help others in the same situation here’s what I did to fix it…..

    What you need
    The install files for the version of zimbra you are currently using and is broken.

    What to do
    1)Move the broken /opt/zimbra directory to another location and rename, I move it to my home directory and renamed it zimbraold
    2)Install a clean copy of the version you are using i.e. it will recreate the /opt/zimbra directory. This is not an upgrade and when it asks about deleting mail click yes, as your mail should be safely tucked away in the zimbraold directory.
    3)Once installed stop zimbra (zmcontrol stop, as zimbra user) rename /opt/zimbra to /opt/zimbranew
    4)Copy the zimbraold directory from the location you put it, in to /opt/zimbra again. So you now have /opt/zimbra which is your old broken install (including your settings and mail etc) and /opt/zimbranew which is the clean fresh install.
    5)Copy /opt/zimbranew/ssl to /opt/zimbra/ssl
    6)Copy the 2 zmssl. named files in /opt/zimbranew/conf to /opt/zimbra/conf
    7)Then reinstall zimbra again but this time when it asks about upgrading type yes… If you do not do this it will delete your mail and you would have to start from point 4 above again by recopying your zimbraold data again.
    8)Once the installation is complete, stop zimbra (zmcontrol stop, as zimbra user)
    9)Then go to this wiki page SSL Certificate Problems - Zimbra :: Wiki find the “create the CA certification (as zimbra)" section and complete all the commands relevant to your version from this section to the bottom of the page.
    10)Then restart zimbra (zmcontrol start, as zimbra user)
    11)Check that all services have started (zmcontrol status, as zimbra user), the services depending on the speed of your system may take a few minutes to start so keep repeating this command and you should see more and more showing as running. To give you an idea I have a 1 Ghz ITX box with 1 gig of ram and it normally takes around 3 minutes for all services to start.
    12)Once all services have started you should now have a working admin page and if you have zmtldclt set to either both or https you should also have working https webmail.

    Disclaimer – this is what I did and it worked for me on a Ubuntu 7.10 server with OSS version 5.0.1 Zimbra, but you use this at your own risk!!!!

    As a foot note to this I have now increased my backup regime I have a “day one” backup as it was when I got it going last night and I am now doing daily backups so hopefully should anything like this happen again in the future I would have a proper backup to restore from which should be much quicker than the above to complete. Details about backup and restore are shown in various posts on the forum.

    I hope that this may help or at least point someone in the right direction, should they have a similar issue to me.

Similar Threads

  1. Problem with antivirus...and more. Help needed
    By spAlex in forum Administrators
    Replies: 4
    Last Post: 01-09-2008, 12:28 AM
  2. [SOLVED] Upgraded to 5.0 OSS - Sendmail Problem
    By Chewie71 in forum Installation
    Replies: 11
    Last Post: 12-28-2007, 06:07 PM
  3. Access Zimbra on port 443 via apache
    By CatiaL in forum Administrators
    Replies: 1
    Last Post: 06-15-2007, 02:11 AM
  4. HTTPS problem
    By EnglishDude in forum Installation
    Replies: 5
    Last Post: 11-25-2006, 07:40 AM
  5. Changing browser access from HTTPS to Both HTTPS and HTTP
    By kelley.ch in forum Administrators
    Replies: 5
    Last Post: 09-18-2006, 11:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •