zmcertmgr error #168

skelkelos992 · 2023-06-04T07:56:36Z

The following error is shown when renewing a certificate and the deploy-hook is executed on a Rocky Linux 8 / Zimbra 9.0.0 server:

 Deploying certificates.
 zmcertmgr: ERROR deploycrt(comm /run/certbot_zimbra.sh/certs-oXnDDaXJ/cert.pem /run/certbot_zimbra.sh/certs-oXnDDaXJ/zimbra_chain.pem) failed:
  chdir(/root) failed: Permission denied

Folder permissions are the following

dr-xr-x--- 2 root zimbra 100 4 giu 10.08 certs-9YhF8BWL

To solve the issue I had to manually run as zimbra user

zmcertmgr deploycrt comm /run/certbot_zimbra.sh/certs-9YhF8BWL/cert.pem /run/certbot_zimbra.sh/certs-9YhF8BWL/zimbra_chain.pem

and then

zmcontrol restart

The text was updated successfully, but these errors were encountered:

jjakob · 2023-06-04T09:57:29Z

zmcertmgr seems to want to chdir into PWD, since PWD=/root and zmcertmgr is ran as zimbra it doesn't have permission to access that path. I don't know why zmcertmgr is doing this, it doesn't need to. I didn't encounter this bug when doing testing as I always ran certbot_zimbra with sudo, never as logged-in root in /root.

capsh does not set HOME to the user's home. Reverting to sudo is necessary to set the user's HOME and other login environment. sudo was previously replaced with capsh in 930fa01.

jjakob closed this as completed in 8b352f7 Jun 4, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

zmcertmgr error #168

zmcertmgr error #168

skelkelos992 commented Jun 4, 2023 •

edited

Loading

jjakob commented Jun 4, 2023

zmcertmgr error #168

zmcertmgr error #168

Comments

skelkelos992 commented Jun 4, 2023 • edited Loading

jjakob commented Jun 4, 2023

skelkelos992 commented Jun 4, 2023 •

edited

Loading