Vadim Dobroskokin via FreeIPA-users wrote: > `ipa-acme-manager --enable` command failed on master replica. > On other replicas, the command completes successfully. > > FreeIPA 4.11, RockyLinux 9.4 > > Output fragment from failed command: > > ``` > ipaserver.masters: DEBUG: Discovery: available servers for service 'CA' are > ipa01.example.com, ipa11.example.com, ipa02.example.com > ipaserver.masters: DEBUG: Discovery: using ipa01.example.com for 'CA' service > ipapython.dogtag: DEBUG: request POST > https://ipa01.example.com:8443/acme/login > ipapython.dogtag: DEBUG: request body '' > ipapython.dogtag: DEBUG: response status 404 > ipapython.dogtag: DEBUG: response headers Content-Type: > text/html;charset=utf-8 > Content-Language: en > Content-Length: 765 > > > ipapython.dogtag: DEBUG: response body (decoded): b'<!doctype html><html > lang="en"><head><title>HTTP Status 404 \xe2\x80\x93 Not Found</title><style > type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b > {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 > {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} > .line > {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP > Status 404 \xe2\x80\x93 Not Found</h1><hr class="line" /><p><b>Type</b> > Status Report</p><p><b>Message</b> The requested resource > [/acme/login] is not available</p><p><b>Description</b> The origin > server did not find a current representation for the target resource or is > not willing to disclose that one exists.</p><hr class="line" /><h3>Apache > Tomcat/9.0.87</h3></body></html>' > ipapython.admintool: DEBUG: File > "/usr/lib/python3.9/site-packages/ipapython/admintool.py", line 180, in > execute > return_value = self.run() > File > "/usr/lib/python3.9/site-packages/ipaserver/install/ipa_acme_manage.py", line > 403, in run > with state as ca_api: > File > "/usr/lib/python3.9/site-packages/ipaserver/install/ipa_acme_manage.py", line > 103, in __enter__ > raise errors.RemoteRetrieveError( > > ipapython.admintool: DEBUG: The ipa-acme-manage command failed, exception: > RemoteRetrieveError: Failed to authenticate to CA REST API > ipapython.admintool: ERROR: Failed to authenticate to CA REST API > ipapython.admintool: ERROR: The ipa-acme-manage command failed. > ``` > > How can I fix this problem? >
We've had a few other reports of this but have never gotten to the bottom of it. The root cause is that the CA doesn't appear to have acme deployed at all. Do you have the directory /var/lib/pki/pki-tomcat/conf/acme ? rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
