Closed cmonty14 closed 4 years ago
What version of IPA?
It's the latest version provided by Fedora 29: 4.7.1
I don't fully understand the implementation of Let's Encrypt on Fedora. But I run a reverse proxy (HAProxy) on Debian with LE, and in that case there must be some specific configuration in order to have a working LE. Therefore I cannot exclude that the issue is related to a communication problem with the "LE registration server", because the FreeIPA server is not directly connected to the internet but is running in a NAT network.
The issue is that IPA 4.7 no longer uses NSS to store the Apache server certificate, so this script will not work with that version.
What is the proposed procedure to implement a certificate with LE for FreeIPA 4.7.x?
There isn't one currently. This issue will stand as the bug report that the script doesn't work with 4.7.x.
No news... This git is dead?
Yes, it is unsupported.
Oki :-(. But do you have another solution? Is it really impossible to have a Let's Encrypt certificate for FreeIPA 4.8? Thanks in advance if you have information about that :-)
@petri3, I use FreeIPA with a Let's Encrypt certificate when running https://ipa.demo1.freeipa.org/ipa/ui/. I finally took the time to upload my locally modified scripts to create a pull request - see #14. Does that work for you? I have not merged that myself and would prefer a second pair of eyes.
I have executed the script setup.sh from the package "freeipa-letsencrypt". The installation finished with this error message:
What's causing this error? And how can I fix this?
The file "httpd-csr.der" in the working directory (in my case /etc/ssl/ipa-le/) is 0 bytes. Therefore I conclude that the installation was not successful.
THX