Renew Certificate or Create New Certificate from Zimbra CLI

My email license for one of our clients has expired, and the current status is in the grace period.

The accident happened when the server was forced to shut down due to an electrical problem. When the server came back up, the email server was still down. I tried to start the service manually.

$ zmcontrol start
Host mail.yourdomain.com
Unable to determine enabled services from ldap.
Unable to determine enabled services. Cache is out of date or doesn’t exist.

Further investigation told me about the certificate expiration; I must renew it.

Here are the steps:

# su - zimbra
$ /opt/zimbra/bin/zmcertmgr createca -new
/opt/zimbra/bin/zmcertmgr must be run as user root
$ exit
logout

Hohoho, the command must be run by root.

Begin by generating a new Certificate Authority (CA).

# /opt/zimbra/bin/zmcertmgr createca -new

** Creating /opt/zimbra/ssl/zimbra/ca/zmssl.cnf…done
** Creating CA private key /opt/zimbra/ssl/zimbra/ca/ca.key…done.
** Creating CA cert /opt/zimbra/ssl/zimbra/ca/ca.pem…done.

Then generate a certificate signed by the CA that expires in 365 days.

# /opt/zimbra/bin/zmcertmgr createcrt -new -days 365

Validation days: 365
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401
** Generating a server csr for download self -new -keysize 1024
** Creating /opt/zimbra/conf/zmssl.cnf…done
** Backup /opt/zimbra/ssl/zimbra to /opt/zimbra/ssl/zimbra.20101009200401
** Creating server cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.
** Saving server config key zimbraSSLPrivateKey…failed.
** Signing cert request /opt/zimbra/ssl/zimbra/server/server.csr…done.

Next, deploy the certificate.

# /opt/zimbra/bin/zmcertmgr deploycrt self

** Saving server config key zimbraSSLCertificate…done.
** Saving server config key zimbraSSLPrivateKey…done.
** Installing mta certificate and key…done.
** Installing slapd certificate and key…done.
** Installing proxy certificate and key…done.
** Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12…done.
** Creating keystore file /opt/zimbra/mailboxd/etc/keystore…done.
** Installing CA to /opt/zimbra/conf/ca…done.

Next, deploy the CA.

# /opt/zimbra/bin/zmcertmgr deployca

** Importing CA /opt/zimbra/ssl/zimbra/ca/ca.pem into CACERTS…done.
** Saving global config key zimbraCertAuthorityCertSelfSigned…done.
** Saving global config key zimbraCertAuthorityKeySelfSigned…done.
** Copying CA to /opt/zimbra/conf/ca…done.

To finish, verify the certificate was deployed to all the services.

# /opt/zimbra/bin/zmcertmgr viewdeployedcrt

::service mta::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
SubjectAltName=
::service proxy::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
SubjectAltName=
::service mailboxd::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
SubjectAltName=
::service ldap::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
subject= /C=US/ST=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
issuer= /C=US/ST=N/A/L=N/A/O=Zimbra Collaboration Suite/OU=Zimbra Collaboration Suite/CN=mail.yourdomain.com
SubjectAltName=
#

done.
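
The notAfter dates printed by viewdeployedcrt are what would have warned of this outage in advance. As an added example (not part of the original post and not Zimbra's own code), the shell function below parses that output and flags every service whose certificate is expired or close to expiry. It assumes GNU date; the function names and the 30-day threshold are hypothetical.

```shell
#!/bin/sh
# Added example: flag deployed Zimbra certificates that are near expiry.
# Input is text in the format printed by `zmcertmgr viewdeployedcrt`.
# Assumes GNU date (-d); function names and thresholds are hypothetical.

# Constructed sample, modelled on the output shown above.
sample_output() {
cat <<'EOF'
::service mta::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct  9 13:04:03 2011 GMT
::service ldap::
notBefore=Oct  9 13:04:03 2010 GMT
notAfter=Oct 20 13:04:03 2011 GMT
EOF
}

# cert_report WARN_DAYS [NOW_EPOCH]
# Reads viewdeployedcrt text on stdin, prints "<service> <days_left> <state>"
# for each service, and returns 1 if any service is WARN or EXPIRED.
cert_report() {
    warn_days=$1
    now=${2:-$(date -u +%s)}
    rc=0; svc=unknown
    while IFS= read -r line; do
        case $line in
            "::service "*"::")
                svc=${line#"::service "}
                svc=${svc%"::"}
                ;;
            notAfter=*)
                # An unparsable date counts as a failure, not as "OK".
                end=$(date -u -d "${line#notAfter=}" +%s) || { rc=1; continue; }
                days=$(( (end - now) / 86400 ))
                if [ "$end" -le "$now" ]; then state=EXPIRED; rc=1
                elif [ "$days" -lt "$warn_days" ]; then state=WARN; rc=1
                else state=OK
                fi
                echo "$svc $days $state"
                ;;
        esac
    done
    return $rc
}

# Live use on the server, as root (for example from cron):
#   /opt/zimbra/bin/zmcertmgr viewdeployedcrt | cert_report 30
sample_output | cert_report 30 || echo "renewal needed"
```
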

Try starting the service:

~$ zmcontrol start
Host mail.yourdomain.com
Starting ldap…Done.
Starting logger…Done.
Starting convertd…Done.
Starting mailbox…Done.
Starting antispam…Done.
Starting antivirus…Done.
Starting snmp…Done.
Starting spell…Done.
Starting mta…Done.
Starting stats…Done.
$
