Playbook #3608
/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml
Execution
Date 29 Aug 2025 11:31:33 +0100
Duration 00:01:32.86
Controller ssh-gw-4.layershift.com
User root
Versions
Ansible 2.16.11
ara 1.7.3 / 1.7.3
Python 3.10.10
Summary
5 Hosts
3 Tasks
15 Results
1 Plays
1 Files
0 Records
remote_user:root check:False tags:all

Task result details

  • Status
    OK
  • Duration
    00:01:26.26
  • Play
    Playbook to install
  • Task
    Install certificate on host
  • Host
    mbox1-stage

Field Value
changed 
False
cmd 
set -o pipefail
chown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt
su -l zimbra -c "cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key"
su -l zimbra -c "zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt"
su -l zimbra -c "zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt"
su -l zimbra -c "zmlocalconfig -e ldap_starttls_required=true"
su -l zimbra -c "zmlocalconfig -e ldap_starttls_supported=1"
su -l zimbra -c "zmcontrol restart"
su -l zimbra -c "zmcertmgr viewdeployedcrt"
delta 
0:01:25.887704
end 
2025-08-29 10:33:05.958967
invocation 
{
    "module_args": {
        "_raw_params": "set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n",
        "_uses_shell": true,
        "argv": null,
        "chdir": null,
        "creates": null,
        "executable": "/bin/bash",
        "expand_argument_vars": true,
        "removes": null,
        "stdin": null,
        "stdin_add_newline": true,
        "strip_empty_ends": true
    }
}
msg
rc 
0
start 
2025-08-29 10:31:40.071263
stderr 
Could not read certificate from /tmp/ssl_stage_le.crt
Unable to load certificate
Could not read certificate from /tmp/ssl_stage_le.crt
Unable to load certificate
stderr_lines 
[
    "Could not read certificate from /tmp/ssl_stage_le.crt",
    "Unable to load certificate",
    "Could not read certificate from /tmp/ssl_stage_le.crt",
    "Unable to load certificate"
]
stdout 
** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key'
ERROR: Certificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' do not match.
** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'
** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'
** Verifying '/tmp/ssl_stage_le.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'
ERROR: Certificate '/tmp/ssl_stage_le.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' do not match.
Host mbox1.zimbra.stage.town
	Stopping vmware-ha...Done.
	Stopping zmconfigd...Done.
	Stopping zimlet webapp...Done.
	Stopping zimbraAdmin webapp...Done.
	Stopping zimbra webapp...Done.
	Stopping service webapp...Done.
	Stopping stats...Done.
	Stopping onlyoffice...Done.
	Stopping spell...Done.
	Stopping snmp...Done.
	Stopping cbpolicyd...Done.
	Stopping archiving...Done.
	Stopping opendkim...Done.
	Stopping amavis...Done.
	Stopping antivirus...Done.
	Stopping antispam...Done.
	Stopping proxy...Done.
	Stopping memcached...Done.
	Stopping mailbox...Done.
	Stopping convertd...Done.
	Stopping logger...Done.
	Stopping dnscache...Done.
Host mbox1.zimbra.stage.town
	Starting zmconfigd...Done.
	Starting logger...Done.
	Starting convertd...Done.
	Starting mailbox...Done.
	Starting spell...Done.
	Starting onlyoffice...Done.
	Starting stats...Done.
	Starting service webapp...Done.
	Starting zimbra webapp...Done.
	Starting zimbraAdmin webapp...Done.
	Starting zimlet webapp...Done.
- imapd: /opt/zimbra/conf/imapd.crt
notBefore=Jun  4 10:32:07 2025 GMT
notAfter=Sep  2 10:32:06 2025 GMT
subject=CN = proxy-mta.zimbra.stage.town
issuer=C = US, O = Let's Encrypt, CN = R11
SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town
- ldap: /opt/zimbra/conf/slapd.crt
notBefore=Jun  4 10:32:07 2025 GMT
notAfter=Sep  2 10:32:06 2025 GMT
subject=CN = proxy-mta.zimbra.stage.town
issuer=C = US, O = Let's Encrypt, CN = R11
SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town
- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem
notBefore=Jun  4 10:32:07 2025 GMT
notAfter=Sep  2 10:32:06 2025 GMT
subject=CN = proxy-mta.zimbra.stage.town
issuer=C = US, O = Let's Encrypt, CN = R11
SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town
- mta: /opt/zimbra/conf/smtpd.crt
notBefore=Jun  4 10:32:07 2025 GMT
notAfter=Sep  2 10:32:06 2025 GMT
subject=CN = proxy-mta.zimbra.stage.town
issuer=C = US, O = Let's Encrypt, CN = R11
SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town
- proxy: /opt/zimbra/conf/nginx.crt
notBefore=Jun  4 10:32:07 2025 GMT
notAfter=Sep  2 10:32:06 2025 GMT
subject=CN = proxy-mta.zimbra.stage.town
issuer=C = US, O = Let's Encrypt, CN = R11
SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town
stdout_lines 
[
    "** Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key'",
    "ERROR: Certificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' do not match.",
    "** Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'",
    "** Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'",
    "** Verifying '/tmp/ssl_stage_le.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'",
    "ERROR: Certificate '/tmp/ssl_stage_le.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' do not match.",
    "Host mbox1.zimbra.stage.town",
    "\tStopping vmware-ha...Done.",
    "\tStopping zmconfigd...Done.",
    "\tStopping zimlet webapp...Done.",
    "\tStopping zimbraAdmin webapp...Done.",
    "\tStopping zimbra webapp...Done.",
    "\tStopping service webapp...Done.",
    "\tStopping stats...Done.",
    "\tStopping onlyoffice...Done.",
    "\tStopping spell...Done.",
    "\tStopping snmp...Done.",
    "\tStopping cbpolicyd...Done.",
    "\tStopping archiving...Done.",
    "\tStopping opendkim...Done.",
    "\tStopping amavis...Done.",
    "\tStopping antivirus...Done.",
    "\tStopping antispam...Done.",
    "\tStopping proxy...Done.",
    "\tStopping memcached...Done.",
    "\tStopping mailbox...Done.",
    "\tStopping convertd...Done.",
    "\tStopping logger...Done.",
    "\tStopping dnscache...Done.",
    "Host mbox1.zimbra.stage.town",
    "\tStarting zmconfigd...Done.",
    "\tStarting logger...Done.",
    "\tStarting convertd...Done.",
    "\tStarting mailbox...Done.",
    "\tStarting spell...Done.",
    "\tStarting onlyoffice...Done.",
    "\tStarting stats...Done.",
    "\tStarting service webapp...Done.",
    "\tStarting zimbra webapp...Done.",
    "\tStarting zimbraAdmin webapp...Done.",
    "\tStarting zimlet webapp...Done.",
    "- imapd: /opt/zimbra/conf/imapd.crt",
    "notBefore=Jun  4 10:32:07 2025 GMT",
    "notAfter=Sep  2 10:32:06 2025 GMT",
    "subject=CN = proxy-mta.zimbra.stage.town",
    "issuer=C = US, O = Let's Encrypt, CN = R11",
    "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town",
    "- ldap: /opt/zimbra/conf/slapd.crt",
    "notBefore=Jun  4 10:32:07 2025 GMT",
    "notAfter=Sep  2 10:32:06 2025 GMT",
    "subject=CN = proxy-mta.zimbra.stage.town",
    "issuer=C = US, O = Let's Encrypt, CN = R11",
    "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town",
    "- mailboxd: /opt/zimbra/mailboxd/etc/mailboxd.pem",
    "notBefore=Jun  4 10:32:07 2025 GMT",
    "notAfter=Sep  2 10:32:06 2025 GMT",
    "subject=CN = proxy-mta.zimbra.stage.town",
    "issuer=C = US, O = Let's Encrypt, CN = R11",
    "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town",
    "- mta: /opt/zimbra/conf/smtpd.crt",
    "notBefore=Jun  4 10:32:07 2025 GMT",
    "notAfter=Sep  2 10:32:06 2025 GMT",
    "subject=CN = proxy-mta.zimbra.stage.town",
    "issuer=C = US, O = Let's Encrypt, CN = R11",
    "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town",
    "- proxy: /opt/zimbra/conf/nginx.crt",
    "notBefore=Jun  4 10:32:07 2025 GMT",
    "notAfter=Sep  2 10:32:06 2025 GMT",
    "subject=CN = proxy-mta.zimbra.stage.town",
    "issuer=C = US, O = Let's Encrypt, CN = R11",
    "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town"
]