Commercial certificate woes

[nspanahi]

So upgrading from 5.0.1 to 5.0.10 wiped my commercial certs.
I reissued the CSR using All Servers and got new certs from godaddy. I have tried EVERYTHING and nothing is working. I have read all the treads about using ALL servers (which I am) and using different combinations of certs that godaddy sends you (I have) and I still get the error

Your certificate was not installed due to the error : system failure: XXXXX ERROR: Unmatching certificate (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current.crt) and private key (/opt/zimbra/mailboxd/webapps/zimbraAdmin/tmp/current_comm.key) pair.

I have read that people tried the command line method, but I have too and most of them are for 4.x versions. PLEASE HELP IF YOU CAN

[dwmtractor]

I know you say you've tried everything, but in my experience (and I have been on this forum for a little while) the search engine rarely helps me find just that part of "everything" that I'm actually looking for, even if I'm the one who wrote it. . .. . .so please don't take this as condescending which I'm not trying to be!

But have you tried the steps I described here? Admittedly this was on an earlier 5.x.x release but it worked for me and seems to have worked for some others, and I did see the same error you have described before I did it exactly this way.

Do let us know in as much excruciating detail as possible if you still have problems. . .

[nspanahi]

I have tried that and several command line ones. Even the command line ones give the same error.

[bobby]

Let's make sure there aren't any extra or old files in the way. Please post the output of "ls -laR ~/ssl/". Are you working with zmcertmgr? Run "sudo zmcertmgr -h" for some sample commands.

BTW do you not have any backups of the old keystore and cert files? Check in /opt/zimbra/.saveconfig/

[nspanahi]

Here is the output. I am sure there are no old files hanging around

[root@metric ssl]# ls -laR *
zimbra:
total 40
drwxr----- 5 root root 4096 Oct 3 12:04 .
drwxr-xr-x 3 zimbra zimbra 4096 Oct 3 12:04 ..
drwxr----- 3 root root 4096 Oct 3 12:04 ca
drwxr----- 2 root root 4096 Oct 3 12:04 commercial
drwxr----- 2 root root 4096 Oct 3 12:04 server

zimbra/ca:
total 72
drwxr----- 3 root root 4096 Oct 3 12:04 .
drwxr----- 5 root root 4096 Oct 3 12:04 ..
-rw-r----- 1 root root 708 Oct 3 12:04 ca.csr
-rw------- 1 zimbra root 887 Oct 3 12:04 ca.key
-rw-r--r-- 1 zimbra root 871 Oct 3 12:04 ca.pem
-rw-r--r-- 1 root root 11 Oct 3 12:04 ca.srl
-rwxr----- 1 root root 0 Oct 3 12:04 index.txt
drwxr----- 2 root root 4096 Oct 3 12:04 newcerts
-rw-r----- 1 zimbra zimbra 7677 Oct 3 12:04 zmssl.cnf

zimbra/ca/newcerts:
total 16
drwxr----- 2 root root 4096 Oct 3 12:04 .
drwxr----- 3 root root 4096 Oct 3 12:04 ..

zimbra/commercial:
total 32
drwxr----- 2 root root 4096 Oct 3 12:04 .
drwxr----- 5 root root 4096 Oct 3 12:04 ..
-rw-r--r-- 1 root root 708 Oct 3 12:04 commercial.csr
-rw-r--r-- 1 root root 891 Oct 3 12:04 commercial.key

zimbra/server:
total 16
drwxr----- 2 root root 4096 Oct 3 12:04 .
drwxr----- 5 root root 4096 Oct 3 12:04 ..



And yes I have used zmcertmgr and know how to work with it. It gives the same error.