Using commercial certificate.

LDAP starts up just fine, things work as expected, then I start getting errors:

Message: system failure: unable to lookup account via query: (&(zimbraId=c5ef2156-eee3-486e-99fa-f4f99e521708)(objectClass=zimbraAccount)) message: LDAP error: - unable to get connection: An error occurred while attempting to connect to server An error occurred while attempting to establish a connection to server Connection refused Error code: service.FAILURE Method: [unknown] Details:soap:Receiver

Logs show lots and lots of these:

Oct 5 15:30:45 webmail postfix/trivial-rewrite[5844]: warning: proxy:ldap:/opt/zimbra/conf/ table lookup problem
Oct 5 15:30:50 webmail postfix/proxymap[5808]: error: dict_ldap_connect: Unable to set STARTTLS: -1: Can't contact LDAP server

restarting zimbra fixes this for a little while

but eventually, it starts failing again.

netstat shows the port available