{"id":748495,"status":"ok","playbook":{"id":4761,"items":{"plays":1,"tasks":3,"results":15,"hosts":5,"files":1,"records":0},"arguments":{"version":null,"verbosity":2,"private_key_file":"/home/ssh-gateway/.ssh/id_rsa","remote_user":"root","connection":"ssh","timeout":null,"ssh_common_args":null,"sftp_extra_args":null,"scp_extra_args":null,"ssh_extra_args":null,"ask_pass":false,"connection_password_file":null,"force_handlers":false,"flush_cache":false,"become":false,"become_method":"sudo","become_user":null,"become_ask_pass":false,"become_password_file":null,"tags":["all"],"skip_tags":[],"check":false,"diff":false,"inventory":["/home/ssh-gateway/ansible/zimbra/inv-stage"],"listhosts":false,"subset":null,"extra_vars":"Not saved by ARA as configured by 'ignored_arguments'","vault_ids":[],"ask_vault_pass":false,"vault_password_files":[],"forks":20,"module_path":null,"syntax":false,"listtasks":false,"listtags":false,"step":false,"start_at_task":null,"args":["install_zimbra_certificate_stage_le.yaml"]},"labels":[{"id":1,"name":"remote_user:root"},{"id":2,"name":"check:False"},{"id":3,"name":"tags:all"}],"started":"2025-12-20T08:47:34.186105Z","ended":"2025-12-20T08:48:20.720927Z","duration":"00:00:46.534822","name":null,"ansible_version":"2.16.11","client_version":"1.7.3","python_version":"3.10.10","server_version":"1.7.3","status":"completed","path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml","controller":"ssh-gw-4.layershift.com","user":"root"},"play":{"id":5261,"items":{"tasks":3,"results":15},"started":"2025-12-20T08:47:34.228837Z","ended":"2025-12-20T08:48:20.427940Z","duration":"00:00:46.199103","name":"Playbook to install","status":"completed"},"task":{"id":11735,"items":{"results":5},"path":"/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml","tags":[],"started":"2025-12-20T08:47:39.804118Z","ended":"2025-12-20T08:48:20.379396Z","duration":"00:00:40.575278","name":"Install certificate on host","uuid":"001851d0-75dc-874c-38d3-00000000000a","action":"ansible.builtin.shell","lineno":36,"handler":false,"status":"completed","warnings":[],"deprecations":[],"exceptions":[],"file":6898},"host":{"id":267316,"name":"ldap2-stage","changed":1,"failed":0,"ok":3,"skipped":0,"unreachable":0},"delegated_to":[],"content":{"changed":false,"cmd":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","delta":"0:00:30.991620","end":"2025-12-20 08:48:11.365500","invocation":{"module_args":{"_raw_params":"set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n","_uses_shell":true,"argv":null,"chdir":null,"creates":null,"executable":"/bin/bash","expand_argument_vars":true,"removes":null,"stdin":null,"stdin_add_newline":true,"strip_empty_ends":true}},"msg":"","rc":0,"start":"2025-12-20 08:47:40.373880","stderr":"Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed when connecting to ldap master.","stderr_lines":["Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed when connecting to ldap master."],"stdout":"** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key'\nCertificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' match.\n** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'\nERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town\nerror 20 at 0 depth lookup: unable to get local issuer certificate\nerror /tmp/ssl_stage_le.crt: verification failed\n** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'\n** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'\n** Verifying '/tmp/ssl_stage_le.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'\nCertificate '/tmp/ssl_stage_le.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.\n** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'\nERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town\nerror 20 at 0 depth lookup: unable to get local issuer certificate\nerror /tmp/ssl_stage_le.crt: verification failed\nHost ldap2.zimbra.stage.town\n\tStopping vmware-ha...Done.\n\tStopping zmconfigd...Done.\n\tStopping zimlet webapp...Done.\n\tStopping zimbraAdmin webapp...Done.\n\tStopping zimbra webapp...Done.\n\tStopping service webapp...Done.\n\tStopping stats...Done.\n\tStopping onlyoffice...Done.\n\tStopping spell...Done.\n\tStopping snmp...Done.\n\tStopping cbpolicyd...Done.\n\tStopping archiving...Done.\n\tStopping opendkim...Done.\n\tStopping amavis...Done.\n\tStopping antivirus...Done.\n\tStopping antispam...Done.\n\tStopping proxy...Done.\n\tStopping memcached...Done.\n\tStopping mailbox...Done.\n\tStopping logger...Done.\n\tStopping dnscache...Done.\n\tStopping ldap...Done.\nHost ldap2.zimbra.stage.town\n\tStarting ldap...Done.\n- imapd: /opt/zimbra/conf/imapd.crt\nnotBefore=Aug 29 07:26:43 2025 GMT\nnotAfter=Nov 27 07:26:42 2025 GMT\nsubject=CN=proxy-mta.zimbra.stage.town\nissuer=C=US, O=Let's Encrypt, CN=R13\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- ldap: /opt/zimbra/conf/slapd.crt\nnotBefore=Aug 29 07:26:43 2025 GMT\nnotAfter=Nov 27 07:26:42 2025 GMT\nsubject=CN=proxy-mta.zimbra.stage.town\nissuer=C=US, O=Let's Encrypt, CN=R13\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- mta: /opt/zimbra/conf/smtpd.crt\nnotBefore=Aug 29 07:26:43 2025 GMT\nnotAfter=Nov 27 07:26:42 2025 GMT\nsubject=CN=proxy-mta.zimbra.stage.town\nissuer=C=US, O=Let's Encrypt, CN=R13\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town\n- proxy: /opt/zimbra/conf/nginx.crt\nnotBefore=Aug 29 07:26:43 2025 GMT\nnotAfter=Nov 27 07:26:42 2025 GMT\nsubject=CN=proxy-mta.zimbra.stage.town\nissuer=C=US, O=Let's Encrypt, CN=R13\nSubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","stdout_lines":["** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key'","Certificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' match.","** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'","ERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town","error 20 at 0 depth lookup: unable to get local issuer certificate","error /tmp/ssl_stage_le.crt: verification failed","** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'","** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'","** Verifying '/tmp/ssl_stage_le.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'","Certificate '/tmp/ssl_stage_le.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.","** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'","ERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town","error 20 at 0 depth lookup: unable to get local issuer certificate","error /tmp/ssl_stage_le.crt: verification failed","Host ldap2.zimbra.stage.town","\tStopping vmware-ha...Done.","\tStopping zmconfigd...Done.","\tStopping zimlet webapp...Done.","\tStopping zimbraAdmin webapp...Done.","\tStopping zimbra webapp...Done.","\tStopping service webapp...Done.","\tStopping stats...Done.","\tStopping onlyoffice...Done.","\tStopping spell...Done.","\tStopping snmp...Done.","\tStopping cbpolicyd...Done.","\tStopping archiving...Done.","\tStopping opendkim...Done.","\tStopping amavis...Done.","\tStopping antivirus...Done.","\tStopping antispam...Done.","\tStopping proxy...Done.","\tStopping memcached...Done.","\tStopping mailbox...Done.","\tStopping logger...Done.","\tStopping dnscache...Done.","\tStopping ldap...Done.","Host ldap2.zimbra.stage.town","\tStarting ldap...Done.","- imapd: /opt/zimbra/conf/imapd.crt","notBefore=Aug 29 07:26:43 2025 GMT","notAfter=Nov 27 07:26:42 2025 GMT","subject=CN=proxy-mta.zimbra.stage.town","issuer=C=US, O=Let's Encrypt, CN=R13","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- ldap: /opt/zimbra/conf/slapd.crt","notBefore=Aug 29 07:26:43 2025 GMT","notAfter=Nov 27 07:26:42 2025 GMT","subject=CN=proxy-mta.zimbra.stage.town","issuer=C=US, O=Let's Encrypt, CN=R13","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- mta: /opt/zimbra/conf/smtpd.crt","notBefore=Aug 29 07:26:43 2025 GMT","notAfter=Nov 27 07:26:42 2025 GMT","subject=CN=proxy-mta.zimbra.stage.town","issuer=C=US, O=Let's Encrypt, CN=R13","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town","- proxy: /opt/zimbra/conf/nginx.crt","notBefore=Aug 29 07:26:43 2025 GMT","notAfter=Nov 27 07:26:42 2025 GMT","subject=CN=proxy-mta.zimbra.stage.town","issuer=C=US, O=Let's Encrypt, CN=R13","SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town"]},"created":"2025-12-20T08:48:11.399414Z","updated":"2025-12-20T08:48:11.399440Z","started":"2025-12-20T08:47:40.015343Z","ended":"2025-12-20T08:48:11.392241Z","duration":"00:00:31.376898","changed":false,"ignore_errors":false}