Hi Team,

FreeIPA server version: 4.6.8

I was trying to secure the FreeIPA server with a Let's Encrypt SSL certificate, and
partway through the process I noticed that http suddenly failed. I am listing the
steps that I followed so far (not complete, as httpd died partway through).

I am fairly new to FreeIPA, so I would appreciate some help or guidance here.
Thanks

1. Took a backup of /var/lib/ipa/
2. Made a directory: mkdir freeipa-certs
3. cd freeipa-certs

4. Performed the step below to get the Let's Encrypt CA:

# Download each Let's Encrypt root and intermediate certificate into the current directory
CERTS=("isrgrootx1.pem" "isrg-root-x2.pem" "lets-encrypt-r3.pem" "lets-encrypt-e1.pem" "lets-encrypt-r4.pem" "lets-encrypt-e2.pem")
for CERT in "${CERTS[@]}"
do
  curl -o "$CERT" "https://letsencrypt.org/certs/$CERT"
done

5. Install Let’s Encrypt CA certificates into FreeIPA certificate store:

# Install each downloaded certificate as a trusted CA in the IPA certificate store
CERTS=("isrgrootx1.pem" "isrg-root-x2.pem" "lets-encrypt-r3.pem" "lets-encrypt-e1.pem" "lets-encrypt-r4.pem" "lets-encrypt-e2.pem")
for CERT in "${CERTS[@]}"
do
  ipa-cacert-manage install "$CERT"
done

######## Output of step 5 #########

Installing CA certificate, please wait
Verified CN=ISRG Root X1,O=Internet Security Research Group,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
Installing CA certificate, please wait
Verified CN=ISRG Root X2,O=Internet Security Research Group,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
Installing CA certificate, please wait
Verified CN=R3,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
Installing CA certificate, please wait
Verified CN=E1,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
Installing CA certificate, please wait
Verified CN=R4,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
Installing CA certificate, please wait
Verified CN=E2,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
############################################

6. Update local IPA certificate databases with certificates from the server:
sudo ipa-certupdate

At the stage below, httpd seems to be failing:

############# Output of Step 6 ##################################
[gp185132@idm canary-freeipa-certs]$ sudo ipa-certupdate
trying https://idm.ncrcanary.apibox.ml/ipa/json
[try 1]: Forwarding 'schema' to json server 'https://idm.ncrcanary.apibox.ml/ipa/json'
trying https://idm.ncrcanary.apibox.ml/ipa/session/json
[try 1]: Forwarding 'ca_is_enabled/1' to json server 'https://idm.ncrcanary.apibox.ml/ipa/session/json'
[try 1]: Forwarding 'ca_find/1' to json server 'https://idm.ncrcanary.apibox.ml/ipa/session/json'
Command '/bin/systemctl restart httpd.service' returned non-zero exit status 1
###########################################################