Execution
Date
09 Sep 2024 13:18:46 +0100
Duration
None
Controller
ssh-gw-4.layershift.com
User
root
Versions
Ansible
2.16.4
ara
1.7.1 / 1.7.1
Python
3.10.10
Summary
5
Hosts
2
Tasks
7
Results
1
Plays
1
Files
0
Records
Task result details
-
StatusOK
-
Duration00:00:12.76
-
PlayPlaybook to install zimbra wildcard certificate on cluster
-
TaskInstall certificate on host
-
Hostmbox2-stage
-
Date09 Sep 2024 13:19:03 +0100
-
Module / Actionansible.builtin.shell (/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage.yaml:18)
| Field | Value |
|---|---|
| changed |
False |
| cmd |
set -o pipefail chown zimbra.zimbra /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt su -l zimbra -c "cp -prf /tmp/commercial_stage.key /opt/zimbra/ssl/zimbra/commercial/commercial.key" su -l zimbra -c "zmcertmgr verifycrt comm /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt" su -l zimbra -c "zmcertmgr deploycrt comm /tmp/ssl_stage.crt /tmp/chain_stage.crt" su -l zimbra -c "zmlocalconfig -e ldap_starttls_required=true" su -l zimbra -c "zmlocalconfig -e ldap_starttls_supported=1" su -l zimbra -c "zmcontrol restart" su -l zimbra -c "zmcertmgr viewdeployedcrt" |
| delta |
0:00:12.367691 |
| end |
2024-09-09 12:19:03.385304 |
| invocation |
{ "module_args": { "_raw_params": "set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage.key /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage.crt /tmp/chain_stage.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n", "_uses_shell": true, "argv": null, "chdir": null, "creates": null, "executable": "/bin/bash", "expand_argument_vars": true, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true } } |
| msg |
|
| rc |
0 |
| start |
2024-09-09 12:18:51.017613 |
| stderr |
Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed when connecting to ldap master. |
| stderr_lines |
[ "Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed when connecting to ldap master." ] |
| stdout |
** Verifying '/tmp/ssl_stage.crt' against '/tmp/commercial_stage.key' Certificate '/tmp/ssl_stage.crt' and private key '/tmp/commercial_stage.key' match. ** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt' ERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R11 error 2 at 1 depth lookup: unable to get issuer certificate error /tmp/ssl_stage.crt: verification failed ** Verifying '/tmp/ssl_stage.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Certificate '/tmp/ssl_stage.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. ** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt' ERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R11 error 2 at 1 depth lookup: unable to get issuer certificate error /tmp/ssl_stage.crt: verification failed Host mbox2.zimbra.stage.town Stopping vmware-ha...Done. Stopping zmconfigd...Done. Stopping zimlet webapp...Done. Stopping zimbraAdmin webapp...Done. Stopping zimbra webapp...Done. Stopping service webapp...Done. Stopping stats...Done. Stopping onlyoffice...Done. Stopping spell...Done. Stopping snmp...Done. Stopping cbpolicyd...Done. Stopping archiving...Done. Stopping opendkim...Done. Stopping amavis...Done. Stopping antivirus...Done. Stopping antispam...Done. Stopping proxy...Done. Stopping memcached...Done. Stopping mailbox...Done. Stopping convertd...Done. Stopping logger...Done. Stopping dnscache...Done. Host mbox2.zimbra.stage.town - imapd: /opt/zimbra/conf/imapd.crt notBefore=May 15 12:44:14 2024 GMT notAfter=Aug 13 12:44:13 2024 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R3 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - ldap: /opt/zimbra/conf/slapd.crt notBefore=May 15 12:44:14 2024 GMT notAfter=Aug 13 12:44:13 2024 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R3 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem notBefore=May 15 12:44:14 2024 GMT notAfter=Aug 13 12:44:13 2024 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R3 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - mta: /opt/zimbra/conf/smtpd.crt notBefore=May 15 12:44:14 2024 GMT notAfter=Aug 13 12:44:13 2024 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R3 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - proxy: /opt/zimbra/conf/nginx.crt notBefore=May 15 12:44:14 2024 GMT notAfter=Aug 13 12:44:13 2024 GMT subject=CN = proxy-mta.zimbra.stage.town issuer=C = US, O = Let's Encrypt, CN = R3 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town |
| stdout_lines |
[ "** Verifying '/tmp/ssl_stage.crt' against '/tmp/commercial_stage.key'", "Certificate '/tmp/ssl_stage.crt' and private key '/tmp/commercial_stage.key' match.", "** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'", "ERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R11", "error 2 at 1 depth lookup: unable to get issuer certificate", "error /tmp/ssl_stage.crt: verification failed", "** Verifying '/tmp/ssl_stage.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'", "Certificate '/tmp/ssl_stage.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.", "** Verifying '/tmp/ssl_stage.crt' against '/tmp/chain_stage.crt'", "ERROR: Unable to validate certificate chain: C = US, O = Let's Encrypt, CN = R11", "error 2 at 1 depth lookup: unable to get issuer certificate", "error /tmp/ssl_stage.crt: verification failed", "Host mbox2.zimbra.stage.town", "\tStopping vmware-ha...Done.", "\tStopping zmconfigd...Done.", "\tStopping zimlet webapp...Done.", "\tStopping zimbraAdmin webapp...Done.", "\tStopping zimbra webapp...Done.", "\tStopping service webapp...Done.", "\tStopping stats...Done.", "\tStopping onlyoffice...Done.", "\tStopping spell...Done.", "\tStopping snmp...Done.", "\tStopping cbpolicyd...Done.", "\tStopping archiving...Done.", "\tStopping opendkim...Done.", "\tStopping amavis...Done.", "\tStopping antivirus...Done.", "\tStopping antispam...Done.", "\tStopping proxy...Done.", "\tStopping memcached...Done.", "\tStopping mailbox...Done.", "\tStopping convertd...Done.", "\tStopping logger...Done.", "\tStopping dnscache...Done.", "Host mbox2.zimbra.stage.town", "- imapd: /opt/zimbra/conf/imapd.crt", "notBefore=May 15 12:44:14 2024 GMT", "notAfter=Aug 13 12:44:13 2024 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R3", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- ldap: /opt/zimbra/conf/slapd.crt", "notBefore=May 15 12:44:14 2024 GMT", "notAfter=Aug 13 12:44:13 2024 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R3", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem", "notBefore=May 15 12:44:14 2024 GMT", "notAfter=Aug 13 12:44:13 2024 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R3", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- mta: /opt/zimbra/conf/smtpd.crt", "notBefore=May 15 12:44:14 2024 GMT", "notAfter=Aug 13 12:44:13 2024 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R3", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- proxy: /opt/zimbra/conf/nginx.crt", "notBefore=May 15 12:44:14 2024 GMT", "notAfter=Aug 13 12:44:13 2024 GMT", "subject=CN = proxy-mta.zimbra.stage.town", "issuer=C = US, O = Let's Encrypt, CN = R3", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town" ] |