Instead of using the Let’s Encrypt thing on the IPA server itself, I often just
use it on a reverse proxy. This way the end-users see the verified CA and
FreeIPA can keep doing it’s business.
I tried to use ACME on the IPA server in the past, but it wasn’t very well
integrated and caused problems. Since only web-facing elements benefit from
external CA signed certificates (for users that access it but don’t have the CA
on their machine), it doesn’t actually need to be integrated with the rest of
> On 25 May 2017, at 13:39, Günther J. Niederwimmer via FreeIPA-users
> <email@example.com> wrote:
> after the mistake with Startcom CA (Class 3), now I look for a new
> Is it possible and functional to install a Letsencrypt CA on a IPA-Server?
> I have found a script on "github" to install a Letsencript CA for FreeIPA
> (fedora), but can any tell me is this working with CentOS 7.(3).
> Thanks for a answer,
> mit freundlichen Grüssen / best regards
> Günther J. Niederwimmer
> FreeIPA-users mailing list -- firstname.lastname@example.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org