Here is the procedure to use a Let’s Encrypt certificate with FreeIPA

Download isrgrootx1 certificate:

# wget https://letsencrypt.org/certs/isrgrootx1.pem.txt
# mv isrgrootx1.pem.txt isrgrootx1.pem

Download letsencryptauthorityx3 certificate:

# wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt
# mv letsencryptauthorityx3.pem.txt letsencryptauthorityx3.pem

Install CA to freeIPA

# ipa-cacert-manage install isrgrootx1.pem -n ISRGRootX1 -t ,,
# ipa-cacert-manage install letsencryptauthorityx3.pem -n letsencryptx3 -t C,,

I added the DSTRootCAX3 certificate, but I'm not sure if it's necessary

# create a file DSTRootCAX3.pem with the content of https://www.identrust.com/certificates/trustid/root-download-x3.html
# ipa-cacert-manage install DSTRootCAX3.pem -n DSTRootCAX3 -t ,,

Update certificates

# kinit admin
# ipa-certupdate

Install Let’s Encrypt certificate (I used a DNS-01 challenge: http://letsencrypt.readthedocs.io/en/latest/challenges.html)

# ipa-server-certinstall -w -d /etc/letsencrypt/live/your.doma.in/privkey.pem /etc/letsencrypt/live/your.doma.in/fullchain.pem --pin=

Restart the system

# systemctl restart httpd.service
# systemctl restart dirsrv@BLACKPOINTS-CH.service

or 

# ipactl restart

That's all
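
Added example (not part of the original message, and not FreeIPA's or certbot's own tooling): a pre-flight check to run before ipa-server-certinstall, confirming that privkey.pem matches the leaf certificate in fullchain.pem and that the bundle verifies to the root downloaded in the first step. The function name check_le_bundle and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check before ipa-server-certinstall.
# check_le_bundle is a hypothetical helper name, not a FreeIPA or certbot tool.
# Usage: check_le_bundle PRIVKEY FULLCHAIN ROOT
# Returns: 0 OK, 1 key does not match leaf, 2 no intermediate in FULLCHAIN,
#          3 FULLCHAIN does not verify to ROOT.
check_le_bundle() {
    key=$1 chain=$2 root=$3

    # 1. The key must belong to the leaf, which is the first certificate in
    #    fullchain.pem. "-passin pass:" matches the empty --pin= (no passphrase).
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 1

    # 2. The bundle must carry at least leaf + intermediate; a bare leaf
    #    certificate gives the server no intermediate to send.
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$chain") || n=0
    [ "$n" -ge 2 ] || return 2

    # 3. Trust only ROOT (-no-CApath ignores the system store) and take the
    #    intermediates from the bundle itself via -untrusted.
    openssl verify -no-CApath -CAfile "$root" -untrusted "$chain" "$chain" \
        >/dev/null 2>&1 || return 3

    # Show what is about to be installed, including the expiry date.
    openssl x509 -in "$chain" -noout -subject -issuer -enddate
}

# With the paths from the procedure (run in the directory holding the root):
# check_le_bundle /etc/letsencrypt/live/your.doma.in/privkey.pem \
#     /etc/letsencrypt/live/your.doma.in/fullchain.pem isrgrootx1.pem
```

A non-zero return means the bundle should not be passed to ipa-server-certinstall until the mismatch is resolved.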
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org