In reviewing Release Notes, the certificate was more than a year old. So I followed the instructions IN THE RELEASE NOTES and they failed. Apparently this failure has been around since 5.0.x and I do not understand why they have not been fixed.
Finally after another search on the failure to update certificates I was ended up at
Recreating a Self-Signed SSL Certificate - Zimbra :: Wiki
Following step-by-step it was finally resolved.
My real concern as a VAR/HSP is why do we have to jump through these hoops, particularly with a major upgrade and know deployment issue. Please excuse the rant but this one seems like a no-brainer.
Appreciate the help.