About 6 or 7 years ago I set up a proper self-signed certificate for the external domains, and added "zimbra.vm.home" as an additional name on the cert, so everything was just peachy. Worked inside the network and out.
That is until tonight, when I decided to come up to the 21st century and install a "LetsEncrypt" certificate on the server with the external domain name (can't add private names to an LE cert).
Suddenly I'm confronted with:
Unable to start TLS: hostname verification failed when connecting to ldap master.
No issues. I'm a fastidious "backeruper". So restore the original self-signed cert and we are back in business while I go away and have a think about the best way to tackle this one. I'm not in any rush at all as all of the client machines (and mobiles) have the CA installed.
From what I see, I have 2 options.
A) Rename the server and make the main public domain the server domain. I don't know how well that will go, but I can run plenty of tests on a cloned VM and try it out.
B) Disable TLS internal to the server and make all the services work unencrypted. Probably not ideal.
Does anyone have any other ideas?
To keep the pedants happy:
zimbra@zimbra:~$ zmcontrol -v
Release 8.8.12.GA.3794.UBUNTU14.64 UBUNTU14_64 NETWORK edition, Patch 8.8.12_P1 proxy.
It's actually 8.8.12_P4, but for some reason I can't be bothered to figure out, it doesn't report it (all components have the right revisions). I'm planning the 8.8.15 upgrade so that's the least of my worries. It's a single VM with 13 users and about 60G of mail, so it's not difficult to try different things (or restore snapshots).
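
The name mismatch behind the error quoted in the post can be reproduced offline; this is an added example, not part of the original post. It builds two throwaway certificates with openssl (mail.example.com is a placeholder for the external domain, and the function names are hypothetical) and checks each one against zimbra.vm.home, the internal name from the post.

```shell
#!/bin/sh
# Added example: constructed certificates, not the poster's real ones.
# mail.example.com is a placeholder for the external domain;
# zimbra.vm.home is the internal name quoted in the post.

# make_cert PREFIX CN SAN_LIST: create a throwaway self-signed cert.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1.crt" \
        -subj "/CN=$2" -addext "subjectAltName=$3" >/dev/null 2>&1
}

# cert_covers_host CERT HOSTNAME: succeeds only if HOSTNAME matches the cert.
# The verdict is read from openssl's output, not from its exit status.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null \
        | grep -q "does match certificate"
}

# list_sans CERT: print the DNS names on the certificate, one per line.
list_sans() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 \
        | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# "old": public name plus the internal name, like the self-signed cert.
make_cert "$workdir/old" mail.example.com \
    "DNS:mail.example.com,DNS:zimbra.vm.home"
# "new": public name only, like a certificate from a public CA.
make_cert "$workdir/new" mail.example.com "DNS:mail.example.com"

for c in old new; do
    echo "$c.crt names: $(list_sans "$workdir/$c.crt" | tr '\n' ' ')"
    for h in mail.example.com zimbra.vm.home; do
        if cert_covers_host "$workdir/$c.crt" "$h"; then
            echo "  covers $h"
        else
            echo "  does NOT cover $h"
        fi
    done
done
```

The same `cert_covers_host` check can be pointed at a deployed certificate file and the hostname the services use to reach the LDAP master before swapping certificates.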