Problem with zmnotification SSL certs

Forum for questions and support relating to the 1.34.x releases only.
timf
Posts: 132
Joined: Mon Mar 21, 2005 4:07 pm
Location: Lytham St.Annes Lancs.

Problem with zmnotification SSL certs

Post by timf »

I've been making progress with my upgrade to ZM1.34.26 with event notification.

I have ZM running nicely under HTTPS and have been following the guide on how to install and test zmnotification.


EDITED

When starting it manually in debug I get this fatal error

INF:2021-06-01,16:06:30 PARENT: using secrets file: /etc/zm/secrets.ini
01/06/21 16:06:30.468476 zmeventnotification[27276].INF [main:1022] [PARENT: using secrets file: /etc/zm/secrets.ini]
01/06/21 16:06:30.470918 zmeventnotification[27276].FAT [main:498] [Token:ES_CERT_FILE
/etc/letsencrypt/live/PORTAL/fullchain.pem not found in secret file]
DBG-:2021-06-01,16:06:30 PARENT: Received request to shutdown, please wait

I've edited secrets.ini as per below

ZM_PORTAL=https://PORTAL/zm
ZM_API_PORTAL=https://PORTAL/zm/api
ES_CERT_FILE=/etc/letsencrypt/live/PORTAL/fullchain.pem
ES_KEY_FILE=/etc/letsencrypt/live/PORTAL/privkey.pem

So it seems as though it's there but just not seen? Typo?

I also ran this but not sure if it was actually needed, maybe it messed something up

sudo openssl req -x509 -nodes -days 4096 -newkey rsa:2048 -keyout /etc/letsencrypt/live/PORTAL/privkey.pem -out /etc/letsencrypt/live/PORTAL/fullchain.pem


Any pointers as to what I'm doing wrong?

Regards Tim

Re: Problem with zmnotification SSL certs

Post by timf »

I found this in the docs - describes a similar problem and gives a fix - but it didn't work for me :-(

When the notification server is run in web user mode (example sudo -u www-data), the event notification server complains that it cannot find the certificate. The error is something like this:

zmeventnotification[10090].ERR [main:547] [Failed starting server: SSL_cert_file /etc/letsencrypt/live/mysite.net-0001/fullchain.pem does not exist at /usr/share/perl5/vendor_perl/IO/Socket/SSL.pm line 402.]
The problem is read permissions, starting at the root level. Typically doing chown -R www-data:www-data /etc/letsencrypt solves this issue
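
Added example, not part of the original posts or the ZoneMinder documentation: the docs excerpt above says the failure is read permissions "starting at the root level", so this Python sketch walks every path component and names the first one the web user cannot pass, which narrows the fix to that entry rather than the whole tree. The function names and the `base` parameter are hypothetical, and only plain mode bits are considered.

```python
import os
import pwd
import stat
import sys

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that POSIX mode bits grant this uid/gid set."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(path, uid, gids, base="/"):
    """Walk from base down to path (path must lie under base).
    Return (component, reason) for the first entry the account cannot
    pass, or None if every directory is searchable and the file readable.
    Assumption: plain mode bits only; ACLs and root's bypass are ignored."""
    # Check the path as written and with symlinks resolved, because
    # live/<site>/*.pem are symlinks into ../../archive/<site>/.
    for target in (os.path.abspath(path), os.path.realpath(path)):
        current = base
        for part in [""] + os.path.relpath(target, base).split(os.sep):
            current = os.path.join(current, part) if part else current
            try:
                st = os.stat(current)
            except OSError as exc:
                return (current, exc.strerror)
            bits = class_bits(st, uid, gids)
            if stat.S_ISDIR(st.st_mode):
                if not bits & 1:
                    return (current, "directory lacks search (x) permission")
            elif not bits & 4:
                return (current, "file lacks read (r) permission")
    return None

if __name__ == "__main__":
    # Usage: check_cert_path.py www-data /etc/letsencrypt/live/PORTAL/fullchain.pem
    user, cert = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = set(os.getgrouplist(user, pw.pw_gid))
    print(first_blocker(cert, pw.pw_uid, groups) or "readable by " + user)
```

Run it once for the certificate and once for the key file; the private key is usually the more tightly restricted of the two.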

Re: Problem with zmnotification SSL certs

Post by timf »

Still bogged down here but may have uncovered a clue as to what is wrong.

As debug complained it could find fullchain.pem in secrets file I changed to cert.perm in both secret and zmnotification.ini files.

Strangely it still reports it can't find fullchain.pem - seems to have ignored my changes to the files!

Any help gratefully received.

Regards Tim