[Freeipa-users] Re: Last FreeIPA master is failing

Thu, 11 Jun 2020 08:27:15 -0700 

Hi Rob,

Again thanks for your reply. So I got went to the commit that lasted from 2017 
and re-ran setup-le.sh
Output is here:

https://pastebin.com/JAaD4R21

In the end I get this error:

ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
ipalib.backend: DEBUG: Destroyed connection context.rpcclient_140213913461328
ipapython.admintool: INFO: The ipa-certupdate command was successful
certutil: Server-Cert is neither a key-type nor a nickname nor a key-id: 
SEC_ERROR_INVALID_ARGS: security library: invalid arguments.

If I try renew-le

# bash renew-le.sh
certutil: could not find certificate named "Server-Cert": 
PR_FILE_NOT_FOUND_ERROR: File not found
certutil: Server-Cert is neither a key-type nor a nickname nor a key-id: 
SEC_ERROR_INVALID_ARGS: security library: invalid arguments.

(btw https://lists.fedoraproject.org is down)


Ricardo Mendes via FreeIPA-users wrote:


Ok so I don't know what happened the server really did take a long time to come 
up but it did.

Everything looks pretty much the same. The setup-le.sh command I ran that said


The ipa-certupdate command was successful

But I can't see it. I have to start ipa services with --ignore-service-failure 
and --skip-version-check
When I go to web I still see the old expired certificate from May 21st.

I tried to run renew-le and I get this error:

# bash renew-le.sh
Error opening Certificate /var/lib/ipa/certs/httpd.crt
140430772283280:error:02001002:system library:fopen:No such file or 
directory:bss_file.c:402:fopen('/var/lib/ipa/certs/httpd.crt','r')
140430772283280:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load certificate


That's the incompatibilities I mentioned. I think if you pop the top one
or two commits off then it will start to work again. Look for a commit
that's like "switch to mod_ssl" and pop that off.

rob

_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]

Reply via email to