Closed Igami closed 4 years ago
This script only works with IPA >= 4.7.0 that uses mod_ssl rather than mod_nss for Apache.
If you pop off the top couple of commits it should work with IPA 4.6.x. The change to mod_ssl was done fairly recently.
Thanks.
Here is what I do with ansible to get it working:
# https://github.com/freeipa/freeipa-letsencrypt
- yum:
name:
- epel-release
- dnf
- git
- git:
repo: https://github.com/freeipa/freeipa-letsencrypt.git
dest: /root/ipa-le
update: no
- command:
cmd: git checkout 601f03b147b34871ddb0655e898541c179b57431
chdir: /root/ipa-le
- lineinfile:
path: /root/ipa-le/renew-le.sh
regexp: '^EMAIL='
line: EMAIL="info@makerspace-gt.de"
- lineinfile:
path: /root/ipa-le/renew-le.sh
regexp: '^#?cd "\$WORKDIR"'
line: cd "$WORKDIR"
- command:
cmd: kinit -k -t /etc/krb5.keytab
- command:
cmd: /root/ipa-le/setup-le.sh
when: vagrant is undefined
- cron:
name: "check letsencrypt certificate"
minute: "0"
hour: "0"
job: "/root/ipa-le/renew-le.sh"
- service:
name: httpd
state: restarted
Ok cool, marking this as done.
I try to install FreeIPA next to ipsilon with a letsencrypt certificate on centos 7. Except for the certificate everything works fine.
Freeipa was installed using ansbile: https://github.com/freeipa/ansible-freeipa ipsilon as described on the website: https://ipsilon-project.org/doc/quickstart-ipa.html
The
setup-le.sh
ends with this: