On Mon, Dec 05, 2016 at 01:05:46PM -0500, Robert Kudyba wrote: > > >> you seem to have an issue when the LetsEncryptAuthorityX3 is being > >> installed. The certificate from the CA that issued this certificate > >> (DSTRootCAX3) seems to be installed correctly. Could you verify that > >> DSTRootCAX3 is marked as trusted CA by issuing: > >> > >> certutil -d /etc/httpd/alias/ -L > >> > >> The DSTRoootCAX3 should have C,, trust flags. > >> > >> There was an issue fixed last week that might caused this issue if you've > >> ever tried to install letsencrypt on this particular VM > >> before:https://github.com/freeipa/freeipa-letsencrypt/issues/1#issuecomment-263546822 > >> > >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_freeipa_freeipa-2Dletsencrypt_issues_1-23issuecomment-2D263546822&d=DgMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=R15wl7ZDV75_uTtU5lcgwToXZGnLc8w9icxEFK4tCw0&s=XMk-cW2MvWhcz18AYBu5IACJEq8Ouhj6EyX60BgxKFs&e=> > >> If that's the case, you will need to re-install IPA before the > >> letsencrypt solution will work. > > I tried to uninstall FreeIPA and Letsencrypt for FreeIPA but I’m getting this: > > ipa-server-install -U --uninstall > ipa.ipapython.install.cli.uninstall_tool(Server): ERROR Server removal > aborted: Deleting this server is not allowed as it would leave your > installation without a CA.. > ipa.ipapython.install.cli.uninstall_tool(Server): ERROR The > ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for > more information > [root@trill ~]# tail /var/log/ipaserver-uninstall.log > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line > 270, in decorated > func(installer) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line > 1047, in uninstall_check > remove_master_from_managed_topology(api, options) > File > "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line > 310, in remove_master_from_managed_topology > raise ScriptError(str(e)) > > 2016-12-05T17:53:05Z DEBUG The ipa-server-install command failed, exception: > ScriptError: Server removal aborted: Deleting this server is not allowed as > it would leave your installation without a CA.. > 2016-12-05T17:53:05Z ERROR Server removal aborted: Deleting this server is > not allowed as it would leave your installation without a CA.. > 2016-12-05T17:53:05Z ERROR The ipa-server-install command failed. See > /var/log/ipaserver-uninstall.log for more information > > Is there a better command? > Try again with the `--ignore-last-of-role' flag.
Cheers, Fraser > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
