Steps to remove expired domain certificate from domain level configuration

Revision as of 16:32, 15 April 2020 by Navdeep Mathur (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Remove expired domain certificate from domain level configuration

   KB 23368        Last updated on 2020-04-15  

(0 votes)


Unable to remove expired domain certificate from domain configuration.


With the help of following steps we can remove expired domain certificate and key entry from domain configuration.

1). Move old domain certificate from "domaincerts" directory to some other location.

mv /opt/zimbra/conf/domaincerts/<OLD-CERT-FILES> /tmp/ 

2). Clear certificate and private key entries from domain level configuration.

zmprov md DOMAIN.COM zimbraSSLCertificate "" zimbraSSLPrivateKey ""

3). On proxy server regenerate nginx configuration files to take changes.

/opt/zimbra/libexec/zmproxyconfgen -v -D -s <Any mailbox server name>   
/opt/zimbra/libexec/zmproxyconfgen -v -D  
/opt/zimbra/libexec/zmproxyconfgen -v 

4). Restart proxy service on all proxy servers.

zmproxyctl restart

Submitted by: Heera Singh Koranga
Verified Against: ZCS 8.8, 8.7, 8.6, 8.5 Date Created: 2017-08-23
Article ID: Date Modified: 2020-04-15

Try Zimbra

Try Zimbra Collaboration with a 60-day free trial.
Get it now »

Want to get involved?

You can contribute in the Community, Wiki, Code, or development of Zimlets.
Find out more. »

Looking for a Video?

Visit our YouTube channel to get the latest webinars, technology news, product overviews, and so much more.
Go to the YouTube channel »

Jump to: navigation, search