{"id":748478,"status":"ok","playbook":{"id":4759,"items":{"plays":1,"tasks":3,"results":15,"hosts":5,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/zimbra/inv-stage"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["install_zimbra_certificate_stage_le.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"}],"started":"2025-12-20T08:43:53.281618Z","ended":"2025-12-20T08:44:53.402160Z","duration":"00:01:00.120542","name":null,"ansible_version":"2.16.11","client_version":"1.7.3","python_version":"3.10.10","server_version":"1.7.3","status":"completed","path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"play":{"id":5259,"items":{"tasks":3,"results":15},"started":"2025-12-20T08:43:53.326852Z","ended":"2025-12-20T08:44:53.015988Z","duration":"00:00:59.689136","name":"Playbook to install","status":"completed"},"task":{"id":11731,"items":{"results":5},"path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml","tags":[],"started":"2025-12-20T08:43:58.922103Z","ended":"2025-12-20T08:44:52.967090Z","duration":"00:00:54.044987","name":"Install certificate on host","uuid":"001851d0-75dc-84cc-f2ac-00000000000a","action":"ansible.builtin.shell","lineno":36,"handler":false,"status":"completed","warnings":[],"deprecations":[],"exceptions":[],"file":6896},"host":{"id":267310,"name":"mbox2-stage","changed":1,"failed":0,"ok":3,"skipped":0,"unreachable":0},"delegated_to":[],"content":{"changed":false,"cmd":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","delta":"0:00:53.170630","end":"2025-12-20 08:44:52.904646","invocation":{"module_args":{"_raw_params":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","_uses_shell":true,"argv":null,"chdir":null,"creates":null,"executable":"/bin/bash","expand_argument_vars":true,"removes":null,"stdin":null,"stdin_add_newline":true,"strip_empty_ends":true}},"msg":"","rc":0,"start":"2025-12-20 08:43:59.734016","stderr":"Connect: Unable to determine enabled services from ldap.\nEnabled services read from cache. Service list may be inaccurate.","stderr_lines":["Connect: Unable to determine enabled services from ldap.","Enabled services read from cache. Service list may be inaccurate."],"stdout":"** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key'\nCertificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' match.\n** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'\nERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town\nerror 20 at 0 depth lookup: unable to get local issuer certificate\nerror /tmp/ssl_stage_le.crt: verification failed\n** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'\n** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'\n** Verifying '/tmp/ssl_stage_le.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'\nCertificate '/tmp/ssl_stage_le.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.\n** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'\nERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town\nerror 20 at 0 depth lookup: unable to get local issuer certificate\nerror /tmp/ssl_stage_le.crt: verification failed\nHost mbox2.zimbra.stage.town\n\tStopping vmware-ha...Done.\n\tStopping zmconfigd...Done.\n\tStopping zimlet webapp...Done.\n\tStopping zimbraAdmin webapp...Done.\n\tStopping zimbra webapp...Done.\n\tStopping service webapp...Done.\n\tStopping stats...Done.\n\tStopping onlyoffice...Done.\n\tStopping spell...Done.\n\tStopping snmp...Done.\n\tStopping cbpolicyd...Done.\n\tStopping archiving...Done.\n\tStopping opendkim...Done.\n\tStopping amavis...Done.\n\tStopping antivirus...Done.\n\tStopping antispam...Done.\n\tStopping proxy...Done.\n\tStopping memcached...Done.\n\tStopping mailbox...Done.\n\tStopping convertd...Done.\n\tStopping logger...Done.\n\tStopping dnscache...Done.\nHost mbox2.zimbra.stage.town\n\tStarting zmconfigd...Done.\n\tStarting logger...Done.\n\tStarting convertd...Done.\n\tStarting mailbox...Done.\n\tStarting spell...Done.\n\tStarting stats...Done.\n\tStarting service webapp...Done.\n\tStarting zimbra webapp...Done.\n\tStarting zimbraAdmin webapp...Done.\n\tStarting zimlet webapp...Done.\n- imapd: /opt/zimbra/conf/imapd.crt\nnotBefore=Aug 29 07:26:43 2025 GMT\nnotAfter=Nov 27 07:26:42 2025 GMT\nsubject=CN=proxy-mta.zimbra.stage.town\nissuer=C=US, O=Let's Encrypt, CN=R13\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- ldap: /opt/zimbra/conf/slapd.crt\nnotBefore=Aug 29 07:26:43 2025 GMT\nnotAfter=Nov 27 07:26:42 2025 GMT\nsubject=CN=proxy-mta.zimbra.stage.town\nissuer=C=US, O=Let's Encrypt, CN=R13\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem\nnotBefore=Aug 29 07:26:43 2025 GMT\nnotAfter=Nov 27 07:26:42 2025 GMT\nsubject=CN=proxy-mta.zimbra.stage.town\nissuer=C=US, O=Let's Encrypt, CN=R13\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- mta: /opt/zimbra/conf/smtpd.crt\nnotBefore=Aug 29 07:26:43 2025 GMT\nnotAfter=Nov 27 07:26:42 2025 GMT\nsubject=CN=proxy-mta.zimbra.stage.town\nissuer=C=US, O=Let's Encrypt, CN=R13\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- proxy: /opt/zimbra/conf/nginx.crt\nnotBefore=Aug 29 07:26:43 2025 GMT\nnotAfter=Nov 27 07:26:42 2025 GMT\nsubject=CN=proxy-mta.zimbra.stage.town\nissuer=C=US, O=Let's Encrypt, CN=R13\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","stdout_lines":["** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key'","Certificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' match.","** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'","ERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town","error 20 at 0 depth lookup: unable to get local issuer certificate","error /tmp/ssl_stage_le.crt: verification failed","** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'","** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'","** Verifying '/tmp/ssl_stage_le.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'","Certificate '/tmp/ssl_stage_le.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.","** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'","ERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town","error 20 at 0 depth lookup: unable to get local issuer certificate","error /tmp/ssl_stage_le.crt: verification failed","Host mbox2.zimbra.stage.town","\tStopping vmware-ha...Done.","\tStopping zmconfigd...Done.","\tStopping zimlet webapp...Done.","\tStopping zimbraAdmin webapp...Done.","\tStopping zimbra webapp...Done.","\tStopping service webapp...Done.","\tStopping stats...Done.","\tStopping onlyoffice...Done.","\tStopping spell...Done.","\tStopping snmp...Done.","\tStopping cbpolicyd...Done.","\tStopping archiving...Done.","\tStopping opendkim...Done.","\tStopping amavis...Done.","\tStopping antivirus...Done.","\tStopping antispam...Done.","\tStopping proxy...Done.","\tStopping memcached...Done.","\tStopping mailbox...Done.","\tStopping convertd...Done.","\tStopping logger...Done.","\tStopping dnscache...Done.","Host mbox2.zimbra.stage.town","\tStarting zmconfigd...Done.","\tStarting logger...Done.","\tStarting convertd...Done.","\tStarting mailbox...Done.","\tStarting spell...Done.","\tStarting stats...Done.","\tStarting service webapp...Done.","\tStarting zimbra webapp...Done.","\tStarting zimbraAdmin webapp...Done.","\tStarting zimlet webapp...Done.","- imapd: /opt/zimbra/conf/imapd.crt","notBefore=Aug 29 07:26:43 2025 GMT","notAfter=Nov 27 07:26:42 2025 GMT","subject=CN=proxy-mta.zimbra.stage.town","issuer=C=US, O=Let's Encrypt, CN=R13","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- ldap: /opt/zimbra/conf/slapd.crt","notBefore=Aug 29 07:26:43 2025 GMT","notAfter=Nov 27 07:26:42 2025 GMT","subject=CN=proxy-mta.zimbra.stage.town","issuer=C=US, O=Let's Encrypt, CN=R13","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem","notBefore=Aug 29 07:26:43 2025 GMT","notAfter=Nov 27 07:26:42 2025 GMT","subject=CN=proxy-mta.zimbra.stage.town","issuer=C=US, O=Let's Encrypt, CN=R13","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- mta: /opt/zimbra/conf/smtpd.crt","notBefore=Aug 29 07:26:43 2025 GMT","notAfter=Nov 27 07:26:42 2025 GMT","subject=CN=proxy-mta.zimbra.stage.town","issuer=C=US, O=Let's Encrypt, CN=R13","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- proxy: /opt/zimbra/conf/nginx.crt","notBefore=Aug 29 07:26:43 2025 GMT","notAfter=Nov 27 07:26:42 2025 GMT","subject=CN=proxy-mta.zimbra.stage.town","issuer=C=US, O=Let's Encrypt, CN=R13","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town"]},"created":"2025-12-20T08:44:52.953269Z","updated":"2025-12-20T08:44:52.953298Z","started":"2025-12-20T08:43:59.322242Z","ended":"2025-12-20T08:44:52.944788Z","duration":"00:00:53.622546","changed":false,"ignore_errors":false}