.ultrageek. Computers, Music, and Thoughts

7Jan/152

Starting Zmconfigd…Killed error message fix.

This might be basic linux administration but this error message had me chasing my tail for about an hour before renaming the zmconfigd.pid file under /opt/zimbra/log directory. Rename the file and do a zmcontrol restart.

"Starting Zmconfigd...Killed"

Filed under: Knowledge, Zimbra 2 Comments
23Jul/140

Renewing your Zimbra SSL Certification

An annual administrative task that can be a headache is renewing your SSL cert for Zimbra's web interfaces and service ports. In my previous post "Zimbra SSL Certicication Renewal with Godaddy" I listed out the steps. Having referred to that page I thought I would update the steps and share places that threw me for a loop.

  1. Certification Renewal - I complete the purchase, login to Godaddy, and under the "Products" tab click "SSL Certificates" to launch the Certificate Management website. It has for many years been its own beast so navigation to it is not always intuitive. Plus you cannot find your SSL certs under the 'Renewals' tab.
  2. Use Previous CSR, leave the defaults (SHA-2, GoDaddy)
  3. Download the Cert for 'Apache' web servers
  4. Rename the file in your archive from the random file name of 2fj30wdjw0f.crt to your domain_year.crt. It really doesn't matter except if for some reason you need to go back, it will be hard to understand what cert and domain the random file name is for. So for my domain I go with ultrageek_2014.crt and use that.
  5. As before, stick the 2 crt files on an ftp server, login as root, and pull them down preferably in a separate directory. You can use 'pwd' to show you your current path and 'cd ~' if you need to return to the home directory.
  6. Tip: Use the tab key to auto complete directories and file names by typing a few of the letters and then hitting tab. Hit multiple times to cycle through all names/options as needed.
  7. Run the command from the directory where the 2 certs are located:  /opt/zimbra/bin/zmcertmgr deploycrt comm example.com.crt gd_bundle.crt so for my domain it was:
    •  /opt/zimbra/bin/zmcertmgr deploycrt comm ultrageek_2014.crt gd_bundle-g2-g1.crt
    • Got the following errors:
    • ** Saving server config key zimbraSSLCertificate...failed.
      ** Saving server config key zimbraSSLPrivateKey...failed.
  8. Restart Zimbra!

So this years renewal went off without too much fuss. I picked 'Other' for the web server type when downloading the CRT and that seemed to have issue but other than that it was flawless.

Filed under: Knowledge, Zimbra No Comments
26Jul/130

Zimbra SSL Certification Renewal with Godaddy

Managing SSL certificates in Zimbra can be tricky. The UI is buggy and when the cert expires it takes down the server due to the server's services inability to talk to itself. Looking for help gives varying results depending on your Google search which will lead you down various troubleshooting paths.

After endless looking I did find the steps which I would recommend for quickly updating the SSL cert:

  • Renew and download your cert
  • Unzip and stick on an FTP server
  • Log in to your Zimbra box as root
  • FTP the 2 files to your server: gd_bundle.crt (intermediate and the root CA) and your server_name.crt
  • Run the following command: /opt/zimbra/bin/zmcertmgr deploycrt comm example.com.crt gd_bundle.crt
  • Pray you don't get errors...and you shouldn't
  • su zimbra
  • zmcontrol restart

You should now be good. I got this perl of wisdom from comments on this page: http://jamesreubenknowles.com/adding-a-godaddy-ssl-certificate-to-zimbra-7-1360

Look at the comment from "Hjörtur Árnason" and thank the tech gods this Good Samaritan left a comment that was able to solve my issue with where to copy the new cert and issues revolving around said task.

After getting this working I of course found the Zimbra documentation which provides detailed info for generating and deploying certs: http://wiki.zimbra.com/wiki/Administration_Console_and_CLI_Certificate_Tools

Filed under: Knowledge, Zimbra No Comments