Results 1 to 10 of 66

Thread: [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure

Hybrid View

  1. #1
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default [SOLVED] Expired Cert in 5.0GA can cause mail Delivery failure

    Hi guys.

    I upgraded my OSS server this morning (CentoS 4.5) and it just refuses mail...

    I have lots of errors in the zimbra.log :
    Code:
     postfix/trivial-rewrite[9811]: fatal: ldap://opt/zimbra/conf/ldap-vad.cf(0,lock|fold_fix): table lookup problem
    error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
    And
    Code:
    postfix/smtpd[8439]: warning: problem talking to service rewrite: Success
    postfix/master[7626]: warning: process /opt/zimbra/postfix-2.4.3.3z/libexec/trivial-rewrite pid 9809 exit status
    I found nothing (yet) on the forum...
    Last edited by Klug; 12-21-2007 at 01:51 PM.

  2. #2
    Join Date
    Oct 2005
    Location
    Thatcher, AZ
    Posts
    5,606
    Rep Power
    21

    Default

    Can you post your whole log file?

    Attach to thread.

    Quanah is going to post some instructions for info he needs.

  3. #3
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    This can happen if your CA Cert has expired. Are there lines about startTLS failing for postfix? Something along the lines of:

    postfix/trivial-rewrite[20583]: error: dict_ldap_connect: Unable to set STARTTLS: -11: Connect error
    If that's the case, then you will need to kill your old CA cert in LDAP, and then generate a new one, using the zmcertmgr tool.

    --Quanah
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

  4. #4
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    Quote Originally Posted by quanah View Post
    This can happen if your CA Cert has expired.
    My (self signed) cert is actually expired, you are right.

    I'm creating a new one right away.
    Last edited by Klug; 12-21-2007 at 02:03 PM.

  5. #5
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    New certificate (/opt/zimbra/bin/zmcertmgr install self -new) did not fix it.

    Clean log attached.
    Attached Files Attached Files

  6. #6
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,322
    Rep Power
    13

    Default

    I tried to create a new certificate through the AdminUI.

    Here's what I got :
    Code:
    Your certificate was not installed due to the error : system failure: XXXXX ERROR: failed to create jetty.pkcs12

  7. #7
    Join Date
    May 2007
    Location
    Zimbra
    Posts
    1,285
    Rep Power
    10

    Default

    I've not done it via the adminUI. What I had to do was:

    (a) cd /opt/zimbra/ssl; mkdir bak; mv * bak
    (b) Kill the CA Cert in LDAP via an ldapmodify operation on cn=config,cn=zimbra

    (c) run /opt/zimbra/bin/zmcertmgr createca
    (d) run /opt/zimbra/bin/zmcertmgr deployca
    (e) run /opt/zimbra/bin/zmcertmgr install self -new

    --Quanah
    Last edited by quanah; 12-22-2007 at 01:12 PM.
    Quanah Gibson-Mount
    Server Architect
    Zimbra, Inc
    --------------------
    Zimbra :: the leader in open source messaging and collaboration

Similar Threads

  1. Problems with port 25
    By yogiman in forum Installation
    Replies: 57
    Last Post: 06-13-2011, 02:55 PM
  2. Replies: 7
    Last Post: 02-03-2011, 07:01 AM
  3. Issues...
    By timothyalangorman in forum Administrators
    Replies: 3
    Last Post: 11-19-2007, 10:43 AM
  4. fresh install down may be due to tomcat
    By gon in forum Installation
    Replies: 10
    Last Post: 07-25-2007, 09:09 AM
  5. receiveing mail
    By maybethistime in forum Administrators
    Replies: 15
    Last Post: 12-09-2005, 04:55 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •