{"id":116515,"status":"ok","playbook":{"id":1580,"items":{"plays":1,"tasks":2,"results":10,"hosts":5,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/zimbra/inv-stage"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["install_zimbra_certificate_stage.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"}],"started":"2024-09-09T13:15:57.608936+01:00","ended":"2024-09-09T13:16:18.312845+01:00","duration":"00:00:20.703909","name":null,"ansible_version":"2.16.4","client_version":"1.7.1","python_version":"3.10.10","server_version":"1.7.1","status":"completed","path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"play":{"id":1588,"items":{"tasks":2,"results":10},"started":"2024-09-09T13:15:57.644771+01:00","ended":"2024-09-09T13:16:18.021813+01:00","duration":"00:00:20.377042","name":"Playbook to install zimbra wildcard certificate on cluster","status":"completed"},"task":{"id":2990,"items":{"results":5},"path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage.yaml","tags":[],"started":"2024-09-09T13:16:01.443000+01:00","ended":"2024-09-09T13:16:17.970551+01:00","duration":"00:00:16.527551","name":"Install certificate on host","uuid":"001851d0-75dc-c3bf-4be3-000000000009","action":"ansible.builtin.shell","lineno":18,"handler":false,"status":"completed","warnings":[],"deprecations":[],"exceptions":[],"file":2493},"host":{"id":52432,"name":"mbox2-stage","changed":0,"failed":0,"ok":2,"skipped":0,"unreachable":0},"delegated_to":[],"content":{"changed":false,"cmd":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","delta":"0:00:13.003522","end":"2024-09-09 12:16:15.506542","invocation":{"module_args":{"_raw_params":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","_uses_shell":true,"argv":null,"chdir":null,"creates":null,"executable":"/bin/bash","expand_argument_vars":true,"removes":null,"stdin":null,"stdin_add_newline":true,"strip_empty_ends":true}},"msg":"","rc":0,"start":"2024-09-09 12:16:02.503020","stderr":"Connect: Unable to determine enabled services from ldap.","stderr_lines":["Connect: Unable to determine enabled services from ldap."],"stdout":"** Verifying '/tmp/ssl_stage.crt' against '/tmp/commercial_stage.key'\nCertificate '/tmp/ssl_stage.crt' and private key '/tmp/commercial_stage.key' match.\n** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'\nERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R11\nerror 2 at 1 depth lookup: unable to get issuer certificate\nerror /tmp/ssl_stage.crt: verification failed\n** Verifying '/tmp/ssl_stage.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'\nCertificate '/tmp/ssl_stage.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.\n** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'\nERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R11\nerror 2 at 1 depth lookup: unable to get issuer certificate\nerror /tmp/ssl_stage.crt: verification failed\nHost mbox2.zimbra.stage.town\n\tStopping vmware-ha...Done.\n\tStopping zmconfigd...Done.\n\tStopping zimlet webapp...Done.\n\tStopping zimbraAdmin webapp...Done.\n\tStopping zimbra webapp...Done.\n\tStopping service webapp...Done.\n\tStopping stats...Done.\n\tStopping onlyoffice...Done.\n\tStopping spell...Done.\n\tStopping snmp...Done.\n\tStopping cbpolicyd...Done.\n\tStopping archiving...Done.\n\tStopping opendkim...Done.\n\tStopping amavis...Done.\n\tStopping antivirus...Done.\n\tStopping antispam...Done.\n\tStopping proxy...Done.\n\tStopping memcached...Done.\n\tStopping mailbox...Done.\n\tStopping convertd...Done.\n\tStopping logger...Done.\n\tStopping dnscache...Done.\nHost mbox2.zimbra.stage.town\nUnable to determine enabled services. Cache is out of date or doesn't exist.\n- imapd: /opt/zimbra/conf/imapd.crt\nnotBefore=May 15 12:44:14 2024 GMT\nnotAfter=Aug 13 12:44:13 2024 GMT\nsubject=CN = proxy-mta.zimbra.stage.town\nissuer=C = US, O = Let's Encrypt, CN = R3\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- ldap: /opt/zimbra/conf/slapd.crt\nnotBefore=May 15 12:44:14 2024 GMT\nnotAfter=Aug 13 12:44:13 2024 GMT\nsubject=CN = proxy-mta.zimbra.stage.town\nissuer=C = US, O = Let's Encrypt, CN = R3\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem\nnotBefore=May 15 12:44:14 2024 GMT\nnotAfter=Aug 13 12:44:13 2024 GMT\nsubject=CN = proxy-mta.zimbra.stage.town\nissuer=C = US, O = Let's Encrypt, CN = R3\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- mta: /opt/zimbra/conf/smtpd.crt\nnotBefore=May 15 12:44:14 2024 GMT\nnotAfter=Aug 13 12:44:13 2024 GMT\nsubject=CN = proxy-mta.zimbra.stage.town\nissuer=C = US, O = Let's Encrypt, CN = R3\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- proxy: /opt/zimbra/conf/nginx.crt\nnotBefore=May 15 12:44:14 2024 GMT\nnotAfter=Aug 13 12:44:13 2024 GMT\nsubject=CN = proxy-mta.zimbra.stage.town\nissuer=C = US, O = Let's Encrypt, CN = R3\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","stdout_lines":["** Verifying '/tmp/ssl_stage.crt' against '/tmp/commercial_stage.key'","Certificate '/tmp/ssl_stage.crt' and private key '/tmp/commercial_stage.key' match.","** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'","ERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R11","error 2 at 1 depth lookup: unable to get issuer certificate","error /tmp/ssl_stage.crt: verification failed","** Verifying '/tmp/ssl_stage.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'","Certificate '/tmp/ssl_stage.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.","** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'","ERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R11","error 2 at 1 depth lookup: unable to get issuer certificate","error /tmp/ssl_stage.crt: verification failed","Host mbox2.zimbra.stage.town","\tStopping vmware-ha...Done.","\tStopping zmconfigd...Done.","\tStopping zimlet webapp...Done.","\tStopping zimbraAdmin webapp...Done.","\tStopping zimbra webapp...Done.","\tStopping service webapp...Done.","\tStopping stats...Done.","\tStopping onlyoffice...Done.","\tStopping spell...Done.","\tStopping snmp...Done.","\tStopping cbpolicyd...Done.","\tStopping archiving...Done.","\tStopping opendkim...Done.","\tStopping amavis...Done.","\tStopping antivirus...Done.","\tStopping antispam...Done.","\tStopping proxy...Done.","\tStopping memcached...Done.","\tStopping mailbox...Done.","\tStopping convertd...Done.","\tStopping logger...Done.","\tStopping dnscache...Done.","Host mbox2.zimbra.stage.town","Unable to determine enabled services. Cache is out of date or doesn't exist.","- imapd: /opt/zimbra/conf/imapd.crt","notBefore=May 15 12:44:14 2024 GMT","notAfter=Aug 13 12:44:13 2024 GMT","subject=CN = proxy-mta.zimbra.stage.town","issuer=C = US, O = Let's Encrypt, CN = R3","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- ldap: /opt/zimbra/conf/slapd.crt","notBefore=May 15 12:44:14 2024 GMT","notAfter=Aug 13 12:44:13 2024 GMT","subject=CN = proxy-mta.zimbra.stage.town","issuer=C = US, O = Let's Encrypt, CN = R3","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem","notBefore=May 15 12:44:14 2024 GMT","notAfter=Aug 13 12:44:13 2024 GMT","subject=CN = proxy-mta.zimbra.stage.town","issuer=C = US, O = Let's Encrypt, CN = R3","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- mta: /opt/zimbra/conf/smtpd.crt","notBefore=May 15 12:44:14 2024 GMT","notAfter=Aug 13 12:44:13 2024 GMT","subject=CN = proxy-mta.zimbra.stage.town","issuer=C = US, O = Let's Encrypt, CN = R3","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- proxy: /opt/zimbra/conf/nginx.crt","notBefore=May 15 12:44:14 2024 GMT","notAfter=Aug 13 12:44:13 2024 GMT","subject=CN = proxy-mta.zimbra.stage.town","issuer=C = US, O = Let's Encrypt, CN = R3","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town"]},"created":"2024-09-09T13:16:15.554419+01:00","updated":"2024-09-09T13:16:15.554445+01:00","started":"2024-09-09T13:16:02.053143+01:00","ended":"2024-09-09T13:16:15.546879+01:00","duration":"00:00:13.493736","changed":false,"ignore_errors":false}