Thank you, when I put the path it looks different, but with a new error :(

<TagSet object at 0x7f0e0fffed50 tags 0:32:16> not in asn1Spec: <OctetString schema object at 0x7f0e0fe17b50 tagSet <TagSet object at 0x7f0e1d9323d0 tags 0:0:4> encoding iso-8859-1>
The ipa-server-certinstall command failed.

On December 23, 2019 at 5:45:51 PM, Florence Blanc-Renaud ([email protected]) wrote:

On 12/23/19 4:52 PM, Petar Kozić via FreeIPA-users wrote:
> Hi folks,
>
> I have one IPA server in production for my small environment. There I
> set the Let’s Encrypt CA root and issued a .p12 cert without problem.
>
> Now, I want to install FreeIPA on a VPS, but I have a problem with Let’s
> Encrypt SSL. I can’t import SSL.
>
> First, I imported the CA certificates:
>
> ipa-cacert-manage -n DSTRootCAX3 -t C,, install DTSRootCAX3.pem
>
> ipa-cacert-manage -n LetsEncryptX3 -t C,, install ca.cer
>
> ipa-certupdate -v
>
> That’s all OK.
>
> But then, I generate a new p12
>
> with the command:
>
> openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out ipa.p12 -certfile fullchain.pem
>
> Then it asks me for a pass, and that is all OK.
>
> When I run:
>
> ipa-server-certinstall -w ipa.p12 -v
>
> it asks me for the Directory pass and the pass which I entered in the step above,
> then I get an error:
>
> ipalib.backend: DEBUG: Created connection context.ldap2_140380174158736
> ipapython.ipautil: DEBUG: Starting external process
> ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d', '/tmp/tmpauWQ5Z', '-N', '-f', '/tmp/tmpauWQ5Z/pwdfile.txt', '-@', '/tmp/tmpauWQ5Z/pwdfile.txt']
> ipapython.ipautil: DEBUG: Process finished, return code=0
> ipapython.ipautil: DEBUG: stdout=
> ipapython.ipautil: DEBUG: stderr=
> ipapython.ipautil: DEBUG: Starting external process
> ipapython.ipautil: DEBUG: args=['/usr/bin/pk12util', '-d', 'dbm:/tmp/tmpauWQ5Z', '-i', 'ipa.p12', '-k', '/tmp/tmpauWQ5Z/pwdfile.txt', '-v', '-w', '/tmp/tmp66gfLt']
> ipapython.ipautil: DEBUG: Process finished, return code=10
> ipapython.ipautil: DEBUG: stdout=
> ipapython.ipautil: DEBUG: stderr=pk12util: File Open failed: ipa.p12: PR_FILE_NOT_FOUND_ERROR: File not found
>
> ipapython.admintool: DEBUG: File "/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in execute
>     return_value = self.run()
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 116, in run
>     self.replace_http_cert()
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 156, in replace_http_cert
>     host_name=api.env.host
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py", line 201, in load_pkcs12
>     **kwargs)
>   File "/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py", line 1151, in load_pkcs12
>     raise ScriptError(str(e))
>
> ipapython.admintool: DEBUG: The ipa-server-certinstall command failed, exception: ScriptError: Failed to load ipa.p12
> ipapython.admintool: ERROR: Failed to load ipa.p12
> ipapython.admintool: ERROR: The ipa-server-certinstall command failed.
>
>
> Some ideas?
>

Hi,

Did you try to provide the full path to ipa.p12? Check the file permissions?

flo

> Petar Kozić
> System Administrator
>
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
