[Freeipa-users] Re: no clients records for a zones outside of the domain - ?

2022-03-24 Thread lejeczek via FreeIPA-users 



On 24/03/2022 02:02, Rob Crittenden wrote:

lejeczek via FreeIPA-users wrote:

Hi guys

Successful client installation on hosts with fqdn different from the
main domain should result in IPA create A records, right?
'hosts' are there for such new clients but no A records in that
"outside" zone.

Does IPA have that zone defined? Are dynamic updates enabled for the zone?

The details would be in the journal for named  and/or
ipaclient-install.log, probably named logging the update as REFUSED.

rob

ough, it keeps eluding me - when I look at that I think, 
without thinking - dynamic - will be 'dhcp' and not manual 
client installation - must make big yellow note with it.

Thanks, L
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Could find /var/lib/ipa/certs & /var/lib/ipa/private directories on FreeIPA Server.

2022-03-24 Thread Florence Blanc-Renaud via FreeIPA-users 
Hi,

it depends which cert you're referring to:
- the server certificate used by the httpd server is located in
/var/lib/ipa/certs/httpd.crt (when mod_ssl is used, otherwise it's
/etc/httpd/alias)
- the server certificate used by the LDAP server is in
/etc/dirsrv/slapd-YOURDOMAINNAME
- the KDC pkinit certificate is in /var/kerberos/krb5kdc/kdc.crt
- the certificates used by the PKI server are in /etc/pki/pki-tomcat/alias
- the RA cert (used to authenticate to the PKI server) is in
/var/lib/ipa/ra-agent.pem

The CA cert can be found in /etc/ipa/ca.crt.

HTH,
flo

On Thu, Mar 24, 2022 at 4:45 PM GAURAV Pande via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hi Guys ,
>
> Could anyone let me know regardless of the github repo where can i find
> default certs (location) which FreeIPA uses ?
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread Florence Blanc-Renaud via FreeIPA-users 
On Thu, Mar 24, 2022 at 4:43 PM GAURAV Pande via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Okay Rob so i guess Centos 8 base should also work then , just checking ?
>
Yes, CentOS 8 should work.
flo


> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Could find /var/lib/ipa/certs & /var/lib/ipa/private directories on FreeIPA Server.

2022-03-24 Thread GAURAV Pande via FreeIPA-users 
Hi Guys ,

Could anyone let me know regardless of the github repo where can i find default 
certs (location) which FreeIPA uses ?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread GAURAV Pande via FreeIPA-users 
Okay Rob so i guess Centos 8 base should also work then , just checking ?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: DNS - no paypal.com RSASHA1 ?

2022-03-24 Thread rainer--- via FreeIPA-users 

Am 2022-03-24 14:34, schrieb lejeczek via FreeIPA-users:

On 22/03/2022 18:14, Rainer Duffner wrote:



Am 22.03.2022 um 18:07 schrieb lejeczek via FreeIPA-users 
:


p.s. is the world ready for such hardened IPA/dns? I mean.. 
ifpaypal.com cannot keep up..



In a production-setup, I would not rely on IPA-DNS for my general 
resolver-tasks.


I’d just forward it the necessary queries and let the actual resolvers 
do their work.




Why? Is it too much of a job for IPA DNS?
thanks, L



It's just that I would not want to mess too much with IPAs BIND 
configuration.


My actual resolvers would e.g. have RPZ zones configured and likely 
other internal domains.

___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: DNS - no paypal.com RSASHA1 ?

2022-03-24 Thread lejeczek via FreeIPA-users 



On 22/03/2022 18:14, Rainer Duffner wrote:



Am 22.03.2022 um 18:07 schrieb lejeczek via FreeIPA-users 
:


p.s. is the world ready for such hardened IPA/dns? I 
mean.. ifpaypal.com cannot keep up..



In a production-setup, I would not rely on IPA-DNS for my 
general resolver-tasks.


I’d just forward it the necessary queries and let the 
actual resolvers do their work.




Why? Is it too much of a job for IPA DNS?
thanks, L
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread Rob Crittenden via FreeIPA-users 
GAURAV Pande via FreeIPA-users wrote:
> Hi Rob ,
> 
> Thanks for prompt reply but i see the repo using dnf command and installing 
> certbot client as well under intial setup script so my query still remain's 
> on what OS version  can we run this repo regardless of the support?

If you want to use freeipa-letsencrypt then as Flo said, you need IPA
4.7.0+. RHEL-8 and 9 (and related rebuild distributions) use 4.9.x so
you should be ok with either (at least once 9 is released). Or Fedora 34+.

rob
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread GAURAV Pande via FreeIPA-users 
Hi Rob ,

Thanks for prompt reply but i see the repo using dnf command and installing 
certbot client as well under intial setup script so my query still remain's on 
what OS version  can we run this repo regardless of the support?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread Rob Crittenden via FreeIPA-users 
GAURAV Pande via FreeIPA-users wrote:
> Hi Florence , Rob 
> 
> FreeIPA Version is : 4.6.8 
> 
> Apologies if i might sound stupid here but iam kinda confuse , could you let 
> me know what exactly needs removal and how can i remove it or command via yum 
> ?

I don't know what you've done. I assume you installed certbot which
requires mod_ssl, so you installed that too. The problem is that IPA in
RHEL 7 uses mod_nss so now you have two crypto providers.

mod_nss doesn't use PEM files so you'd need to use
ipa-server-certinstall to load the LE cert and key into IPA.

Removing mod_ssl is trivial: rpm -e mod_ssl (or yum erase if you prefer)

That should also remove /etc/httpd/conf.d/ssl.conf but you'll want to
confirm it. Just removing the file is not sufficient because mod_ssl
will re-create it the next time the package is updated.

> Also regarding statement : "freeipa-letsencrypt does not support RHEL 7-based 
> systems" could you let me know what OS this repo will support and is it 
> FreeIPA limitation or Let's Encrypt (which i doubt the later one)

To be clear, freeipa-letsencrypt was created for our own purposes and we
open sourced as we do most things but it has absolute bare bones
support. It is not meant to, and will never, be the swiss army knife of
LE installs with IPA.

It isn't supported in RHEL 7 because we never needed it in RHEL 7. There
are no plans to add support and in fact even a contribution would likely
not be accepted since it would most probably atrophy.

rob
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread GAURAV Pande via FreeIPA-users 
Hi Florence , Rob 

FreeIPA Version is : 4.6.8 

Apologies if i might sound stupid here but iam kinda confuse , could you let me 
know what exactly needs removal and how can i remove it or command via yum ?

Also regarding statement : "freeipa-letsencrypt does not support RHEL 7-based 
systems" could you let me know what OS this repo will support and is it FreeIPA 
limitation or Let's Encrypt (which i doubt the later one)

Thanks 
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread Rob Crittenden via FreeIPA-users 
A new thread it indicated they are running 4.6.8. They need to either
remove mod_ssl or change the mod_ssl port, ideally the first because
while mod_nss and mod_ssl can co-exist in most cases this is likely to
not work with IPA because only one SSL module can own the proxy SSL support.

freeipa-letsencrypt does not support RHEL 7-based systems.

rob

Florence Blanc-Renaud via FreeIPA-users wrote:
> Hi,
> 
> it looks like your machine has configured both nss.conf and ssl.conf and
> they are conflicting. IPA started using mod_ssl instead of mod_nss in
> IPA 4.7.0+ (see the Release notes:
> https://www.freeipa.org/page/Releases/4.7.0#mod_ssl).
> 
> Which version of IPA are you using? Depending on it you will have to
> uninstall either mod_ssl or mod_nss.
> HTH,
> flo
> 
> On Thu, Mar 24, 2022 at 7:10 AM GAURAV Pande via FreeIPA-users
>  > wrote:
> 
> Also here is the output of command asked :
> 
> [gp185132@idm ~]$ sudo httpd -t -D DUMP_VHOSTS
> VirtualHost configuration:
> *:443                  is a NameVirtualHost
>          default server idm.ncrcanary.apibox.ml
>  (/etc/httpd/conf.d/nss.conf:81)
>          port 443 namevhost idm.ncrcanary.apibox.ml
>  (/etc/httpd/conf.d/nss.conf:81)
>          port 443 namevhost idm.ncrcanary.apibox.ml
>  (/etc/httpd/conf.d/ssl.conf:56)
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> 
> To unsubscribe send an email to
> freeipa-users-le...@lists.fedorahosted.org
> 
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
> 
> 
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure
> 
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread Florence Blanc-Renaud via FreeIPA-users 
Hi,

it looks like your machine has configured both nss.conf and ssl.conf and
they are conflicting. IPA started using mod_ssl instead of mod_nss in IPA
4.7.0+ (see the Release notes:
https://www.freeipa.org/page/Releases/4.7.0#mod_ssl).

Which version of IPA are you using? Depending on it you will have to
uninstall either mod_ssl or mod_nss.
HTH,
flo

On Thu, Mar 24, 2022 at 7:10 AM GAURAV Pande via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Also here is the output of command asked :
>
> [gp185132@idm ~]$ sudo httpd -t -D DUMP_VHOSTS
> VirtualHost configuration:
> *:443  is a NameVirtualHost
>  default server idm.ncrcanary.apibox.ml
> (/etc/httpd/conf.d/nss.conf:81)
>  port 443 namevhost idm.ncrcanary.apibox.ml
> (/etc/httpd/conf.d/nss.conf:81)
>  port 443 namevhost idm.ncrcanary.apibox.ml
> (/etc/httpd/conf.d/ssl.conf:56)
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Could find /var/lib/ipa/certs & /var/lib/ipa/private directories on FreeIPA Server.

2022-03-24 Thread GAURAV Pande via FreeIPA-users 
Hi Team .

FreeIPA Version : 4.6.8
 
I was going through the freeipa team provided letsencrypt repo 
(https://github.com/freeipa/freeipa-letsencrypt) where they are saying to take 
backup of certs and private directories and they are even used in one of the 
scripts renew-le.sh but in my freeIPA environment build on Centos 7 i couldn't 
find this directory on my freeIPA version , could you please let me know in 
version 4.6.8 where are  these default Certs  located ?
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread GAURAV Pande via FreeIPA-users 
Also here is the output of command asked :

[gp185132@idm ~]$ sudo httpd -t -D DUMP_VHOSTS
VirtualHost configuration:
*:443  is a NameVirtualHost
 default server idm.ncrcanary.apibox.ml (/etc/httpd/conf.d/nss.conf:81)
 port 443 namevhost idm.ncrcanary.apibox.ml 
(/etc/httpd/conf.d/nss.conf:81)
 port 443 namevhost idm.ncrcanary.apibox.ml 
(/etc/httpd/conf.d/ssl.conf:56)
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: httpd service failed when Configuring Let's Encrypt Certificate

2022-03-24 Thread GAURAV Pande via FreeIPA-users 
Hi ,

Thanks for further suggestion regarding seeing apache logs i see two types of 
logs under /var/log/httpd

1. ssl_error_log which seems to give ID related error in certificate :


[gp185132@idm log]$ sudo cat httpd/ssl_error_log
[Wed Mar 23 08:44:14.684239 2022] [ssl:warn] [pid 13553] AH01909: RSA 
certificate configured for idm.ncrcanary.apibox.ml:443 does NOT include an ID 
which matches the server name
[Wed Mar 23 08:49:22.362213 2022] [ssl:warn] [pid 13679] AH01909: RSA 
certificate configured for idm.ncrcanary.apibox.ml:443 does NOT include an ID 
which matches the server name
[Wed Mar 23 08:55:53.069305 2022] [ssl:warn] [pid 13892] AH01909: RSA 
certificate configured for idm.ncrcanary.apibox.ml:443 does NOT include an ID 
which matches the server name
[Wed Mar 23 08:57:14.441821 2022] [ssl:warn] [pid 14033] AH01909: RSA 
certificate configured for idm.ncrcanary.apibox.ml:443 does NOT include an ID 
which matches the server name
[Wed Mar 23 08:59:57.786261 2022] [ssl:warn] [pid 14146] AH01909: RSA 
certificate configured for idm.ncrcanary.apibox.ml:443 does NOT include an ID 
which matches the server name
[Wed Mar 23 09:18:42.689416 2022] [ssl:warn] [pid 15255] AH01909: RSA 
certificate configured for idm.ncrcanary.apibox.ml:443 does NOT include an ID 
which matches the server name
[Wed Mar 23 09:19:29.917671 2022] [ssl:warn] [pid 15451] AH01909: RSA 
certificate configured for idm.ncrcanary.apibox.ml:443 does NOT include an ID 
which matches the server name
[Wed Mar 23 09:22:29.840935 2022] [ssl:warn] [pid 15810] AH01909: RSA 
certificate configured for idm.ncrcanary.apibox.ml:443 does NOT include an ID 
which matches the server name
[Wed Mar 23 14:08:02.931798 2022] [ssl:warn] [pid 17155] AH01909: RSA 
certificate configured for idm.ncrcanary.apibox.ml:443 does NOT include an ID 
which matches the server name
##


2. error_log which seems to give again some SSL library related errors :

###
[Tue Mar 22 07:41:25.693398 2022] [:error] [pid 19198] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:26.101011 2022] [:error] [pid 19199] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:26.117640 2022] [:error] [pid 19197] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:36.192522 2022] [:error] [pid 19196] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:36.195377 2022] [:error] [pid 19599] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:36.854208 2022] [:error] [pid 19198] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:38.271086 2022] [:error] [pid 19196] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:38.272939 2022] [:error] [pid 19197] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:38.275932 2022] [:error] [pid 19599] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:39.163366 2022] [:error] [pid 19197] SSL Library Error: 
-12224 SSL peer had some unspecified issue with the certificate it received
[Tue Mar 22 07:41:55.013672 2022] [:error] [pid 19191] ipa: INFO: Starting new 
HTTP connection (1): idm.ncrcanary.apibox.ml
[Tue Mar 22 07:41:55.019100 2022] [:error] [pid 19191] ipa: INFO: Starting new 
HTTPS connection (1): idm.ncrcanary.apibox.ml
[Tue Mar 22 07:41:55.381375 2022] [:error] [pid 19192] ipa: INFO: 
ad...@ncrcanary.apibox.ml: batch: i18n_messages(): SUCCESS
[Tue Mar 22 07:41:55.857491 2022] [:error] [pid 19192] ipa: INFO: 
ad...@ncrcanary.apibox.ml: batch: config_show(): SUCCESS
[Tue Mar 22 07:41:55.861885 2022] [:error] [pid 19192] ipa: INFO: 
ad...@ncrcanary.apibox.ml: batch: whoami(): SUCCESS
[Tue Mar 22 07:41:55.862651 2022] [:error] [pid 19192] ipa: INFO: 
ad...@ncrcanary.apibox.ml: batch: env(None): SUCCESS
[Tue Mar 22 07:41:55.865040 2022] [:error] [pid 19192] ipa: INFO: 
ad...@ncrcanary.apibox.ml: batch: dns_is_enabled(): SUCCESS
[Tue Mar 22 07:41:55.866606 2022] [:error] [pid 19192] ipa: INFO: 
ad...@ncrcanary.apibox.ml: batch: trustconfig_show(): NotFound
[Tue Mar 22 07:41:55.868070 2022] [:error] [pid 19192] ipa: INFO: 
ad...@ncrcanary.apibox.ml: batch: domainlevel_get(): SUCCESS
[Tue Mar 22 07:41:55.870723 2022] [:error] [pid 19192] ipa: INFO: 
ad...@ncrcanary.apibox.ml: batch: ca_is_enabled(): SUCCESS
[Tue Mar 22 07:41:55.873373 2022] [:error] [pid 19192] ipa: INFO: 
ad...@ncrcanary.apibox.ml: