Thanks for all the pointers. I'm tentatively moving forward with a
CA-less and DNS-less IPA server, with Letsencrypt certificates. I think
this is also the setup that is used by the demo at
<https://ipa.demo1.freeipa.org/ipa/ui/>. Is there some documentation
about this setup? I'm trying to install a Letsencrypt certificate into
FreeIPA, but when I run the installation:
ipa-server-install --http-cert-file cert.pem --http-cert-file
privkey.pem --dirsrv-cert-file cert.pem --dirsrv-cert-file privkey.pem
It asks for my "Apache Server private key unlock password", even though
the key from Letsencrypt is not encrypted with a passphrase. When I
give a bogus password, it gives me another error:
ipa.ipapython.install.cli.install_tool(Server): ERROR The full
certificate chain is not present in cert.pem, privkey.pem
Letsencrypt provides me with a few files: cert.pem, chain.pem,
fullchain.pem, privkey.pem. Even when I also add chain.pem and
fullchain.pem, it gives me the same error.
--
Remco
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project