GAURAV Pande via FreeIPA-users wrote:
> Hi Team,
> 
> FreeIPA server version: 4.6.8
> 
> I was trying to secure freeipa-server with-lets-encrypt-ssl-certificate and in 
> between the process I noticed that http suddenly failed. I am listing down 
> the steps that I followed so far (not complete, as httpd got dead in between).
> 
> I am fairly new to FreeIPA so would appreciate some help or guidance here.
> Thanks
> 
> 1. Taken backup of /var/lib/ipa/
> 2.  Make directory mkdir freeipa-certs
> 3. cd freeipa-certs
> 
> 4. Performed below step to get Lets Encrypt CA
> 
> CERTS=("isrgrootx1.pem" "isrg-root-x2.pem" "lets-encrypt-r3.pem" 
> "lets-encrypt-e1.pem" "lets-encrypt-r4.pem" "lets-encrypt-e2.pem")
> for CERT in "${CERTS[@]}"
> do
>   curl -o $CERT "https://letsencrypt.org/certs/$CERT";
> done
> 
> 5. Install Let’s Encrypt CA certificates into FreeIPA certificate store:
> 
> CERTS=("isrgrootx1.pem" "isrg-root-x2.pem" "lets-encrypt-r3.pem" 
> "lets-encrypt-e1.pem" "lets-encrypt-r4.pem" "lets-encrypt-e2.pem")
> for CERT in "${CERTS[@]}"
> do
>   ipa-cacert-manage install $CERT
> done
> 
> ######## Output of step 5 #########
> 
> Installing CA certificate, please wait
> Verified CN=ISRG Root X1,O=Internet Security Research Group,C=US
> CA certificate successfully installed
> The ipa-cacert-manage command was successful
> Installing CA certificate, please wait
> Verified CN=ISRG Root X2,O=Internet Security Research Group,C=US
> CA certificate successfully installed
> The ipa-cacert-manage command was successful
> Installing CA certificate, please wait
> Verified CN=R3,O=Let's Encrypt,C=US
> CA certificate successfully installed
> The ipa-cacert-manage command was successful
> Installing CA certificate, please wait
> Verified CN=E1,O=Let's Encrypt,C=US
> CA certificate successfully installed
> The ipa-cacert-manage command was successful
> Installing CA certificate, please wait
> Verified CN=R4,O=Let's Encrypt,C=US
> CA certificate successfully installed
> The ipa-cacert-manage command was successful
> Installing CA certificate, please wait
> Verified CN=E2,O=Let's Encrypt,C=US
> CA certificate successfully installed
> The ipa-cacert-manage command was successful
> ############################################
> 
> 6. Update local IPA certificate databases with certificates from the server:
> sudo ipa-certupdate
> 
> At the below stage httpd seems to be failing:
> 
> ############# Output of Step 6 ##################################
> [gp185132@idm canary-freeipa-certs]$ sudo ipa-certupdate
> trying https://idm.ncrcanary.apibox.ml/ipa/json
> [try 1]: Forwarding 'schema' to json server 
> 'https://idm.ncrcanary.apibox.ml/ipa/json'
> trying https://idm.ncrcanary.apibox.ml/ipa/session/json
> [try 1]: Forwarding 'ca_is_enabled/1' to json server 
> 'https://idm.ncrcanary.apibox.ml/ipa/session/json'
> [try 1]: Forwarding 'ca_find/1' to json server 
> 'https://idm.ncrcanary.apibox.ml/ipa/session/json'
> Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
> ###########################################################

You need to look to see why httpd failed to start, either in its own
logs or in the journal.

rob
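
Added example, not part of the original thread: a small bash helper for the step the reply describes, pulling the httpd unit's journal and Apache's own error log and keeping only the lines that usually explain a failed start. The log path `/var/log/httpd/error_log`, the host `idm.example.test` and all sample log lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: find out why "systemctl restart httpd.service" failed.
# Assumptions (not from the thread): RHEL/CentOS layout with the Apache
# error log at /var/log/httpd/error_log, and a systemd journal.

# Keep only lines that usually explain a failed start: Apache log levels
# error and above, config syntax errors, certificate complaints, and
# systemd's own failure summary.
failure_lines() {
    grep -Ei '\[[a-z_0-9]*:(error|crit|alert|emerg)\]|syntax error|certificate|failed to start|status=[1-9]'
}

# Gather evidence from the places the reply names: the journal and
# httpd's own logs, plus a config syntax check.
collect() {
    local since="${1:-1 hour ago}"
    systemctl status httpd.service --no-pager -l 2>&1
    journalctl -u httpd.service --since "$since" --no-pager 2>&1
    tail -n 200 /var/log/httpd/error_log 2>&1
    apachectl configtest 2>&1
    return 0
}

# Constructed sample lines (hypothetical host and messages, not from the thread).
sample_log() {
    cat <<'EOF'
Mar 01 10:00:01 idm.example.test systemd[1]: Starting The Apache HTTP Server...
[Tue Mar 01 10:00:02.000000 2022] [:error] [pid 2301] constructed module error
Mar 01 10:00:02 idm.example.test httpd[2301]: AH00526: Syntax error on line 12 of /etc/httpd/conf.d/example.conf:
Mar 01 10:00:02 idm.example.test systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Mar 01 10:00:02 idm.example.test systemd[1]: Failed to start The Apache HTTP Server.
Mar 01 10:00:02 idm.example.test systemd[1]: Unit httpd.service entered failed state.
EOF
}

# "--live [since]" queries the real host (run as root to read the journal
# and error log); with no arguments the constructed sample is filtered.
if [ "${1:-}" = "--live" ]; then
    collect "${2:-1 hour ago}" | failure_lines
else
    sample_log | failure_lines
fi
```

Run with `--live "10 minutes ago"` right after the failed `ipa-certupdate` so the window covers only the restart attempt.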