>> you seem to have an issue when the LetsEncryptAuthorityX3 is being 
>> installed. The certificate from the CA that issued this certificate 
>> (DSTRootCAX3) seems to be installed correctly. Could you verify that 
>> DSTRootCAX3 is marked as trusted CA by issuing:
>> 
>> certutil -d /etc/httpd/alias/ -L
>> 
>> The DSTRoootCAX3 should have C,, trust flags.
>> 
>> There was an issue fixed last week that might caused this issue if you've 
>> ever tried to install letsencrypt on this particular VM 
>> before:https://github.com/freeipa/freeipa-letsencrypt/issues/1#issuecomment-263546822
>>  
>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_freeipa_freeipa-2Dletsencrypt_issues_1-23issuecomment-2D263546822&d=DgMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=R15wl7ZDV75_uTtU5lcgwToXZGnLc8w9icxEFK4tCw0&s=XMk-cW2MvWhcz18AYBu5IACJEq8Ouhj6EyX60BgxKFs&e=>
>>  If that's the case, you will need to re-install IPA before the letsencrypt 
>> solution will work.

I tried to uninstall FreeIPA and Letsencrypt for FreeIPA but I’m getting this:

ipa-server-install -U --uninstall
ipa.ipapython.install.cli.uninstall_tool(Server): ERROR    Server removal 
aborted: Deleting this server is not allowed as it would leave your 
installation without a CA..
ipa.ipapython.install.cli.uninstall_tool(Server): ERROR    The 
ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for 
more information
[root@trill ~]# tail /var/log/ipaserver-uninstall.log
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 
line 270, in decorated
    func(installer)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 
line 1047, in uninstall_check
    remove_master_from_managed_topology(api, options)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", 
line 310, in remove_master_from_managed_topology
    raise ScriptError(str(e))

2016-12-05T17:53:05Z DEBUG The ipa-server-install command failed, exception: 
ScriptError: Server removal aborted: Deleting this server is not allowed as it 
would leave your installation without a CA..
2016-12-05T17:53:05Z ERROR Server removal aborted: Deleting this server is not 
allowed as it would leave your installation without a CA..
2016-12-05T17:53:05Z ERROR The ipa-server-install command failed. See 
/var/log/ipaserver-uninstall.log for more information

Is there a better command?

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to