ara | Result #748409: [ok] ansible.builtin.shell on ldap2-stage for "Install certificate on host"

/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml

Execution

Date 20 Dec 2025 08:33:47 +0000

Duration 00:00:44.27

Controller ssh-gw-4.layershift.com

User root

Versions

Ansible 2.16.11

ara 1.7.3 / 1.7.3

Python 3.10.10

Summary

5 Hosts

3 Tasks

15 Results

1 Plays

1 Files

0 Records

remote_user:root check:False tags:all

Date
20 Dec 2025 08:33:47 +0000
Path
/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml

Argument	Value
version	None
verbosity	2
private_key_file	/home/ssh-gateway/.ssh/id_rsa
remote_user	root
connection	ssh
timeout	None
ssh_common_args	None
sftp_extra_args	None
scp_extra_args	None
ssh_extra_args	None
ask_pass	False
connection_password_file	None
force_handlers	False
flush_cache	False
become	False
become_method	sudo
become_user	None
become_ask_pass	False
become_password_file	None
tags	['all']
skip_tags	[]
check	False
diff	False
inventory	['/home/ssh-gateway/ansible/zimbra/inv-stage']
listhosts	False
subset	None
extra_vars	Not saved by ARA as configured by 'ignored_arguments'
vault_ids	[]
ask_vault_pass	False
vault_password_files	[]
forks	20
module_path	None
syntax	False
listtasks	False
listtags	False
step	False
start_at_task	None
args	['install_zimbra_certificate_stage_le.yaml']

Task result details

Status
OK
Duration
00:00:15.12
Play
Playbook to install
Task
Install certificate on host
Host
ldap2-stage

Date
20 Dec 2025 08:34:08 +0000
Module / Action
ansible.builtin.shell (/home/ssh-gateway/ansible/zimbra/install_zimbra_certificate_stage_le.yaml:36)

Field	Value
changed	False
cmd	set -o pipefail chown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt su -l zimbra -c "cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key" su -l zimbra -c "zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt" su -l zimbra -c "zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt" su -l zimbra -c "zmlocalconfig -e ldap_starttls_required=true" su -l zimbra -c "zmlocalconfig -e ldap_starttls_supported=1" su -l zimbra -c "zmcontrol restart" su -l zimbra -c "zmcertmgr viewdeployedcrt"
delta	0:00:14.734501
end	2025-12-20 08:34:08.888889
invocation	{ "module_args": { "_raw_params": "set -o pipefail\nchown zimbra.zimbra /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\nsu -l zimbra -c \"cp -prf /tmp/commercial_stage_le.key /opt/zimbra/ssl/zimbra/commercial/commercial.key\"\nsu -l zimbra -c \"zmcertmgr verifycrt comm /tmp/commercial_stage_le.key /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmcertmgr deploycrt comm /tmp/ssl_stage_le.crt /tmp/chain_stage_le.crt\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_required=true\"\nsu -l zimbra -c \"zmlocalconfig -e ldap_starttls_supported=1\"\nsu -l zimbra -c \"zmcontrol restart\"\nsu -l zimbra -c \"zmcertmgr viewdeployedcrt\"\n", "_uses_shell": true, "argv": null, "chdir": null, "creates": null, "executable": "/bin/bash", "expand_argument_vars": true, "removes": null, "stdin": null, "stdin_add_newline": true, "strip_empty_ends": true } }
msg
rc	0
start	2025-12-20 08:33:54.154388
stderr	Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed when connecting to ldap master.
stderr_lines	[ "Unable to start TLS: SSL connect attempt failed error:0A000086:SSL routines::certificate verify failed when connecting to ldap master." ]
stdout	Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key' Certificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' match. Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt' ERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town error 20 at 0 depth lookup: unable to get local issuer certificate error /tmp/ssl_stage_le.crt: verification failed Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts' Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt' Verifying '/tmp/ssl_stage_le.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key' Certificate '/tmp/ssl_stage_le.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match. Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt' ERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town error 20 at 0 depth lookup: unable to get local issuer certificate error /tmp/ssl_stage_le.crt: verification failed Host ldap2.zimbra.stage.town Stopping vmware-ha...Done. Stopping zmconfigd...Done. Stopping zimlet webapp...Done. Stopping zimbraAdmin webapp...Done. Stopping zimbra webapp...Done. Stopping service webapp...Done. Stopping stats...Done. Stopping onlyoffice...Done. Stopping spell...Done. Stopping snmp...Done. Stopping cbpolicyd...Done. Stopping archiving...Done. Stopping opendkim...Done. Stopping amavis...Done. Stopping antivirus...Done. Stopping antispam...Done. Stopping proxy...Done. Stopping memcached...Done. Stopping mailbox...Done. Stopping logger...Done. Stopping dnscache...Done. Stopping ldap...Done. Host ldap2.zimbra.stage.town Starting ldap...Done. - imapd: /opt/zimbra/conf/imapd.crt notBefore=Aug 29 07:26:43 2025 GMT notAfter=Nov 27 07:26:42 2025 GMT subject=CN=proxy-mta.zimbra.stage.town issuer=C=US, O=Let's Encrypt, CN=R13 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - ldap: /opt/zimbra/conf/slapd.crt notBefore=Aug 29 07:26:43 2025 GMT notAfter=Nov 27 07:26:42 2025 GMT subject=CN=proxy-mta.zimbra.stage.town issuer=C=US, O=Let's Encrypt, CN=R13 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - mta: /opt/zimbra/conf/smtpd.crt notBefore=Aug 29 07:26:43 2025 GMT notAfter=Nov 27 07:26:42 2025 GMT subject=CN=proxy-mta.zimbra.stage.town issuer=C=US, O=Let's Encrypt, CN=R13 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town - proxy: /opt/zimbra/conf/nginx.crt notBefore=Aug 29 07:26:43 2025 GMT notAfter=Nov 27 07:26:42 2025 GMT subject=CN=proxy-mta.zimbra.stage.town issuer=C=US, O=Let's Encrypt, CN=R13 SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town
stdout_lines	[ " Verifying '/tmp/ssl_stage_le.crt' against '/tmp/commercial_stage_le.key'", "Certificate '/tmp/ssl_stage_le.crt' and private key '/tmp/commercial_stage_le.key' match.", " Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'", "ERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town", "error 20 at 0 depth lookup: unable to get local issuer certificate", "error /tmp/ssl_stage_le.crt: verification failed", " Creating directory '/opt/zimbra/ssl/zimbra/ca/newcerts'", " Touching file '/opt/zimbra/ssl/zimbra/ca/index.txt'", " Verifying '/tmp/ssl_stage_le.crt' against '/opt/zimbra/ssl/zimbra/commercial/commercial.key'", "Certificate '/tmp/ssl_stage_le.crt' and private key '/opt/zimbra/ssl/zimbra/commercial/commercial.key' match.", " Verifying '/tmp/ssl_stage_le.crt' against '/tmp/chain_stage_le.crt'", "ERROR: Unable to validate certificate chain: CN=proxy-mta.zimbra.stage.town", "error 20 at 0 depth lookup: unable to get local issuer certificate", "error /tmp/ssl_stage_le.crt: verification failed", "Host ldap2.zimbra.stage.town", "\tStopping vmware-ha...Done.", "\tStopping zmconfigd...Done.", "\tStopping zimlet webapp...Done.", "\tStopping zimbraAdmin webapp...Done.", "\tStopping zimbra webapp...Done.", "\tStopping service webapp...Done.", "\tStopping stats...Done.", "\tStopping onlyoffice...Done.", "\tStopping spell...Done.", "\tStopping snmp...Done.", "\tStopping cbpolicyd...Done.", "\tStopping archiving...Done.", "\tStopping opendkim...Done.", "\tStopping amavis...Done.", "\tStopping antivirus...Done.", "\tStopping antispam...Done.", "\tStopping proxy...Done.", "\tStopping memcached...Done.", "\tStopping mailbox...Done.", "\tStopping logger...Done.", "\tStopping dnscache...Done.", "\tStopping ldap...Done.", "Host ldap2.zimbra.stage.town", "\tStarting ldap...Done.", "- imapd: /opt/zimbra/conf/imapd.crt", "notBefore=Aug 29 07:26:43 2025 GMT", "notAfter=Nov 27 07:26:42 2025 GMT", "subject=CN=proxy-mta.zimbra.stage.town", "issuer=C=US, O=Let's Encrypt, CN=R13", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- ldap: /opt/zimbra/conf/slapd.crt", "notBefore=Aug 29 07:26:43 2025 GMT", "notAfter=Nov 27 07:26:42 2025 GMT", "subject=CN=proxy-mta.zimbra.stage.town", "issuer=C=US, O=Let's Encrypt, CN=R13", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- mta: /opt/zimbra/conf/smtpd.crt", "notBefore=Aug 29 07:26:43 2025 GMT", "notAfter=Nov 27 07:26:42 2025 GMT", "subject=CN=proxy-mta.zimbra.stage.town", "issuer=C=US, O=Let's Encrypt, CN=R13", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town", "- proxy: /opt/zimbra/conf/nginx.crt", "notBefore=Aug 29 07:26:43 2025 GMT", "notAfter=Nov 27 07:26:42 2025 GMT", "subject=CN=proxy-mta.zimbra.stage.town", "issuer=C=US, O=Let's Encrypt, CN=R13", "SubjectAltName=ldap1.zimbra.stage.town, ldap2.zimbra.stage.town, mbox1.zimbra.stage.town, mbox2.zimbra.stage.town, proxy-mta.zimbra.stage.town, zimbra.stage.town" ]

Playbook #4750

Task result details