Zimbra 7.1.1 Starting nginx...nginx: [emerg] SSL_CTX_use_certificate_chain_file

[yogg1]

Hi

I have an Problem on my 7.1.1 Master/Replica installation. When I restart the zimbra "zmcontrol stop" "zmcontrol start" nginx does not start anymore.

Starting nginx...nginx: [emerg] SSL_CTX_use_certificate_chain_file("/opt/zimbra/conf/domaincerts/mydomain.com.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory error:20074002:BIO routines:FILE_CTRL:system lib error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib)
failed.

This happens after the first domain where added.
There is no "/opt/zimbra/conf/domaincerts/" folder on my system.
We have no idea why this happens, we don't use an domain certificate (for this installation we don't want any).

Have someone an idea how to fix this?

yogg

[yogg1]

No one with the same problem?

[awe]

Hi,
Same prob no result But in my case, i installed a second webstore (multiserver installation) and after finished installation, my IMAPPROXY hung up! When i will start the proxy-service i get the error:


Starting nginx...nginx: [emerg] SSL_CTX_use_certificate_chain_file("/opt/zimbra/conf/domaincerts/<domainname>.crt") failed (SSL: error:02001002:system library:fopen:No such file or directory error:20074002:BIO routines:FILE_CTRL:system lib error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib)
failed.

So i didn't really know why he want to have a locale cert for the second webstore-server?

Kind regards

[awe]

HI,

found the problem! In my environment we us a loadbalancer who will check ther certs aso ... and on my second mailboxstore-server is sayed: zimbraReverseProxyMailMode Both

That means:
LDAP-Conf for WEbstore1: http
LDAP-Conf for Webstore2: Both
LDap-Conf for imapproxy: http

So i think that the imapproxy would like to have a cert for the webstore2 if you just want to use HTTPS! But the webstore has none and the proxy will check it on his own side and can't find one!

SO be sure to use the same config and the second side and the "zimbraReverseProxyMailMode"!

You can check it with:
" zmprov -l gs `zmhostname` |grep zimbraReverseProxyMailMode"

Hope this will help u

Kind regards