I need help to renew the zimbra certificates.
I've setup a Zimbra OCS 7.2.2 about one year ago and the 365 days certificates are going to expire !

  • ZIM30 : zimbra proxy
  • ZIM31 : LDAP + MTA + LOG + Store
  • ZIM32 : Store

I've run as root on ZIM31 (LDAP) when the zimbra was still running the 4 following commands :

/opt/zimbra/bin/zmcertmgr createca -new

/opt/zimbra/bin/zmcertmgr createcrt -new -days 3650 -subject "/C=US/ST=CA/L=NVA/O=ZCS/OU=ZCS/CN=*.fiducial.dom"

/opt/zimbra/bin/zmcertmgr createcrt -new -days 3650 -subjectAltNames "applmail.fiducial.fr,lxlyozim30.fiducial.dom,lxly ozim31.fiducial.dom,lxlyozim32.fiducial.dom"

/opt/zimbra/bin/zmcertmgr deploycrt self -allserver
according to Multi-Node Self-Signed Certificate Administration Console and CLI Certificate Tools - Zimbra :: Wiki
No errors was returned during the operation but the ldap service didn't restart and used his cache. ZIM30 and ZIM32 didn't restart because they can't communicate with the ldap.

I've restored a backup.

What is the right way to do ?