Mta fail and others bugs after trying to regenerate another certificate

WolwX
Posts: 8
Joined: Fri Sep 12, 2014 11:37 pm


Postby WolwX » Tue Nov 15, 2011 3:47 am

Hello,
Since I restarted my dedicated server I have many bugs and my Zimbra mail server doesn't work anymore :/
I have some doubts about the certificate because I know that it can be related to my initial bug, MTA fail with the SMTP side not working.
So I tried to work on this side, regenerating a new certificate, but since I made some attempts by following this guide

Problem with Certificate can cause MTA Failure - Zimbra :: Wiki
root@ns384526:/opt/zimbra/conf/ca# cd /opt/zimbra/ssl
root@ns384526:/opt/zimbra/ssl# rm -R *
root@ns384526:/opt/zimbra/ssl# cd /opt/zimbra/conf/ca
root@ns384526:/opt/zimbra/conf/ca# rm -R *
root@ns384526:/opt/zimbra/conf/ca# /opt/zimbra/bin/zmcertmgr createca
** Creating directory /opt/zimbra/ssl/zimbra
** Creating directory /opt/zimbra/ssl/zimbra/ca
** Creating directory /opt/zimbra/ssl/zimbra/server
** Creating directory /opt/zimbra/ssl/zimbra/commercial
** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf...done
** Retrieving CA private key from ldap...failed.
** Retrieving CA cert from ldap...failed.
** Retrieving Commercial CA cert from ldap...failed.
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key...done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem...done.
root@ns384526:/opt/zimbra/conf/ca# /opt/zimbra/bin/zmcertmgr deployca
** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS...done.
** Saving global config key zimbraCertAuthorityCertSelfSigned...failed.
** Saving global config key zimbraCertAuthorityKeySelfSigned...failed.
** Copying CA to /opt/zimbra/conf/ca...done.

I have other bugs now ...
So actually here is the step I'm on:
zimbra@ns384526:~$ zmcontrol stop
Host ns384526.ovh.net
Stopping stats...Done.
Stopping mta...Done.
Stopping spell...Done.
Stopping snmp...Done.
Stopping cbpolicyd...Done.
Stopping archiving...Done.
Stopping antivirus...Done.
Stopping antispam...Done.
Stopping imapproxy...Done.
Stopping memcached...Done.
Stopping mailbox...Done.
Stopping logger...Done.
Stopping zmconfigd...Done.
Stopping ldap...Done.
You have new mail in /var/mail/zimbra

zimbra@ns384526:~$ zmcontrol start
Host ns384526.ovh.net
Starting ldap...Done.
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Starting zmconfigd...Done.
Starting logger...Failed.
Starting logswatch...ERROR: service.FAILURE (system failure: ZimbraLdapContext) (cause: javax.net.ssl.SSLHandshakeException sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed)
zimbra logger service is not enabled! failed.
Starting mailbox...Done.
Starting memcached...Done.
Starting imapproxy...Done.
Starting antispam...Done.
Starting antivirus...Done.
Starting snmp...Done.
Starting spell...Done.
Starting mta...Done.
Starting stats...Done.

zimbra@ns384526:~$ zmcontrol status
Unable to determine enabled services from ldap.
Enabled services read from cache. Service list may be inaccurate.
Host ns384526.ovh.net
antispam Running
antivirus Running
imapproxy Running
ldap Running
logger Stopped
zmlogswatchctl is not running
mailbox Stopped
zmmailboxdctl is not running.
memcached Running
mta Stopped
postfix is not running
snmp Stopped
zmswatch is not running.
spell Running
stats Running
zmconfigd Running
zimbra@ns384526:~$

And here is the output of my hosts check =>
cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
46.105.123.172 ns384526.ovh.net
# The following lines are desirable for IPv6 capable hosts
#(added automatically by netbase upgrade)
::1 ip6-localhost ip6-loopback
feo0::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

root@ns384526:/opt/zimbra/conf/ca# dig ns384526.ovh.net any
; <<>> DiG 9.7.3 <<>> ns384526.ovh.net any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 10, ADDITIONAL: 0
;; QUESTION SECTION:
;ns384526.ovh.net. IN ANY
;; ANSWER SECTION:
ns384526.ovh.net. 79481 IN A 46.105.123.172
;; AUTHORITY SECTION:
ovh.net. 79480 IN NS dns11.ovh.net.
ovh.net. 79480 IN NS ns10.ovh.net.
ovh.net. 79480 IN NS dns15.ovh.net.
ovh.net. 79480 IN NS dns13.ovh.net.
ovh.net. 79480 IN NS ns11.ovh.net.
ovh.net. 79480 IN NS ns13.ovh.net.
ovh.net. 79480 IN NS ns12.ovh.net.
ovh.net. 79480 IN NS dns12.ovh.net.
ovh.net. 79480 IN NS dns10.ovh.net.
ovh.net. 79480 IN NS ns15.ovh.net.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 15 10:16:27 2011
;; MSG SIZE rcvd: 245

root@ns384526:/opt/zimbra/conf/ca# dig ns384526.ovh.net mx
; <<>> DiG 9.7.3 <<>> ns384526.ovh.net mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns384526.ovh.net. IN MX
;; AUTHORITY SECTION:
ovh.net. 600 IN SOA dns10.ovh.net. tech.ovh.net. 2011111508 86400 3600 3600000 600
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Nov 15 10:17:02 2011
;; MSG SIZE rcvd: 81

root@ns384526:/opt/zimbra/conf/ca# host `hostname`
ns384526.ovh.net has address 46.105.123.172



So if someone could help me I will be very happy ^^


phoenix
Ambassador
Posts: 26709
Joined: Fri Sep 12, 2014 9:56 pm
Location: Liverpool, England


Postby phoenix » Tue Nov 15, 2011 4:33 am

Let's start with the following information, update your forum profile with the output of the following command (do not post the output in this thread):
zmcontrol -v

These are not 'bugs' they are configuration issues.
Go to the wiki and search for the words 'certificates cli' and you'll find a Certified Document that tells you how to generate the certificates for each version of Zimbra, pick the one that's suitable for your versions.
Your hosts file is incorrect as, apparently, are your DNS records. According to the output of the commands you've posted there's no MX record for your server. I'd suggest you go to the Split DNS article and read what's necessary for the correct configuration of the hosts & resolv.conf files and the DNS A & MX records. When you've read that article and fixed your config you can run all the commands in the 'Verify....' section of that article to confirm your settings.
I'm assuming this is a single server install? If that's the case then you should not have imapproxy nor memcached installed or running, search the forums for details on how to disable and remove those services and reset the ports to their defaults.
Regards

Bill

Rspamd: A high performance spamassassin replacement

Per ardua ad astra
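
Added example, not part of the thread or of Zimbra's tooling: a constructed openssl demo of the failure class reported in the first post ("PKIX path validation failed ... signature check failed"), assuming it arises because a CA was regenerated while a certificate signed by the previous CA key is still in use. The subject names, file names and helper functions are made up for the demo.

```shell
#!/bin/sh
# Constructed demo: a certificate issued by an old CA key stops validating
# once the CA is regenerated, until the certificate is reissued.

make_ca() {      # $1 = output prefix; writes $1.key and self-signed $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Mail CA" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = CA prefix, $2 = output prefix; writes $2.key and $2.crt
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" 2>/dev/null
}

chain_ok() {     # $1 = CA cert, $2 = server cert; status 0 if the chain validates
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 2
    # Original CA and a server certificate signed by it.
    make_ca "$d/ca_old" && issue_cert "$d/ca_old" "$d/server" || return 2
    # CA regenerated: same subject name, brand-new key pair.
    make_ca "$d/ca_new" || return 2
    chain_ok "$d/ca_old.pem" "$d/server.crt" && old=valid || old=invalid
    chain_ok "$d/ca_new.pem" "$d/server.crt" && new=valid || new=invalid
    # Reissuing the server certificate from the new CA restores the chain.
    issue_cert "$d/ca_new" "$d/server2" || return 2
    chain_ok "$d/ca_new.pem" "$d/server2.crt" && reissued=valid || reissued=invalid
    rm -rf "$d"
    echo "old=$old new=$new reissued=$reissued"
}

demo
```

The exact OpenSSL error text for the middle case differs between versions, so the demo reports only valid or invalid.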
WolwX
Posts: 8
Joined: Fri Sep 12, 2014 11:37 pm


Postby WolwX » Tue Nov 15, 2011 5:59 am

Ok, information updated in my profile.
Thanks for your help.
But my Zimbra settings were working, and my server was working correctly.
Since I restarted my dedicated server I have those configuration problems, but I didn't change anything (at least for some months, but the dedicated server was running without restart for two months).
I use the default hostname, the one used by my dedicated hoster.
I will check all this information, but isn't there any way to fix my problem and start the mail server before having corrected all those things?
About those things, how can I change anything about the MX record, for example, since I use a subdomain name?

Is there a way to keep my hostname and correctly set MX records to pass the dig request side?
WolwX
Posts: 8
Joined: Fri Sep 12, 2014 11:37 pm


Postby WolwX » Wed Nov 16, 2011 6:04 am

Ok, so to solve this problem of bad configuration I tried to reinstall.
As expected, all was ok, but not the MTA side.
So I wish to know what the right settings are that I must set to work with my dedicated server, which already has working DNS settings.
Actually my dedicated server always uses the classic reverse and hostname, so something like xxxx.ovh.net
Can I install ZCS with one of my domain names, or must I install it with xxxx.ovh.net and add my domain name in the administration GUI?
If not, must I change the reverse and hostname? Or can I have help to set the correct DNS settings, taking into consideration that I'm not the DNS master of the hostname I use because it's a subdomain?
