freeipa / freeipa-letsencrypt

A quick hack that allows using Let's Encrypt certificates for the FreeIPA web interface.

Error opening Private Key /var/lib/ipa/private/httpd.key #20

Closed Igami closed 4 years ago

Igami commented 4 years ago

I am trying to install FreeIPA next to Ipsilon with a Let's Encrypt certificate on CentOS 7. Except for the certificate, everything works fine.

FreeIPA was installed using Ansible: https://github.com/freeipa/ansible-freeipa
Ipsilon as described on the website: https://ipsilon-project.org/doc/quickstart-ipa.html


The setup-le.sh ends with this:

+ /root/freeipa-letsencrypt/renew-le.sh --first-time
Error opening Private Key /var/lib/ipa/private/httpd.key
140147027949456:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/var/lib/ipa/private/httpd.key','r')
140147027949456:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load Private Key

[root@ipa freeipa-letsencrypt]# bash -x setup-le.sh 
+ set -o nounset -o errexit
+++ realpath setup-le.sh
++ dirname /root/freeipa-letsencrypt/setup-le.sh
+ WORKDIR=/root/freeipa-letsencrypt
+ dnf install letsencrypt -y
Letzte Prüfung auf abgelaufene Metadaten: vor 13:51:02 am Mo 25 Mai 2020 17:50:19 UTC.
Package certbot-1.3.0-1.el7.noarch is already installed.
Abhängigkeiten sind aufgelöst.
Nichts zu tun.
Fertig.
+ ipa-cacert-manage install /root/freeipa-letsencrypt/ca/DSTRootCAX3.pem -n DSTRootCAX3 -t C,,
Installing CA certificate, please wait
Verified DSTRootCAX3
CA certificate successfully installed
The ipa-cacert-manage command was successful
+ ipa-certupdate -v
ipapython.admintool: INFO: The ipa-certupdate command was successful
+ ipa-cacert-manage install /root/freeipa-letsencrypt/ca/LetsEncryptAuthorityX3.pem -n letsencryptx3 -t C,,
Installing CA certificate, please wait
Verified letsencryptx3
CA certificate successfully installed
The ipa-cacert-manage command was successful
+ ipa-certupdate -v
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
ipalib.backend: DEBUG: Destroyed connection context.rpcclient_140360143559248
ipapython.admintool: INFO: The ipa-certupdate command was successful
+ /root/freeipa-letsencrypt/renew-le.sh --first-time
Error opening Private Key /var/lib/ipa/private/httpd.key
140147027949456:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/var/lib/ipa/private/httpd.key','r')
140147027949456:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load Private Key

rcritten commented 4 years ago

This script only works with IPA >= 4.7.0 that uses mod_ssl rather than mod_nss for Apache.

If you pop off the top couple of commits it should work with IPA 4.6.x. The change to mod_ssl was done fairly recently.
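
A pre-flight check for the mismatch described in this thread, added here as an example and not part of the original comments or of the freeipa-letsencrypt scripts: it refuses to proceed when the IPA version is below 4.7.0 (mod_nss, so no `/var/lib/ipa/private/httpd.key`) or when the key file is missing. The function names and return codes are hypothetical, and reading the version from the `ipa-server` RPM is an assumption.

```shell
#!/bin/sh
# Added example: gate setup-le.sh on the Apache TLS backend that IPA uses.
# Function names and return codes are hypothetical, not the project's.

# ver_to_int "4.6.8" -> 4006008 (major.minor.patch; any "-release" suffix is ignored)
ver_to_int() {
    echo "$1" | awk -F. '{ printf "%d\n", ($1 * 1000000) + ($2 * 1000) + $3 }'
}

# check_le_prereqs VERSION [KEYFILE]
#   returns 0 when renew-le.sh can find the mod_ssl private key,
#           2 when IPA is older than 4.7.0 (httpd still uses mod_nss),
#           3 when the version is new enough but the key file is unreadable.
check_le_prereqs() {
    version=$1
    key=${2:-/var/lib/ipa/private/httpd.key}

    if [ "$(ver_to_int "$version")" -lt "$(ver_to_int 4.7.0)" ]; then
        echo "IPA $version uses mod_nss; this script needs IPA >= 4.7.0 (mod_ssl)." >&2
        echo "Use an older checkout of freeipa-letsencrypt for IPA 4.6.x." >&2
        return 2
    fi

    if [ ! -r "$key" ]; then
        echo "IPA $version should use mod_ssl, but $key is not readable." >&2
        return 3
    fi

    return 0
}

# Typical use on the IPA server (assumes the ipa-server RPM is installed):
#   check_le_prereqs "$(rpm -q --qf '%{VERSION}' ipa-server)" && ./setup-le.sh
```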

Igami commented 4 years ago

Thanks.

Here is what I do with ansible to get it working:

    # https://github.com/freeipa/freeipa-letsencrypt
    - yum:
        name:
          - epel-release
          - dnf
          - git
    - git:
        repo: https://github.com/freeipa/freeipa-letsencrypt.git
        dest: /root/ipa-le
        update: no
    - command:
        cmd: git checkout 601f03b147b34871ddb0655e898541c179b57431
        chdir: /root/ipa-le
    - lineinfile:
        path: /root/ipa-le/renew-le.sh
        regexp: '^EMAIL='
        line: EMAIL="info@makerspace-gt.de"
    - lineinfile:
        path: /root/ipa-le/renew-le.sh
        regexp: '^#?cd "\$WORKDIR"'
        line: cd "$WORKDIR"
    - command:
        cmd: kinit -k -t /etc/krb5.keytab
    - command:
        cmd: /root/ipa-le/setup-le.sh
      when: vagrant is undefined
    - cron:
        name: "check letsencrypt certificate"
        minute: "0"
        hour: "0"
        job: "/root/ipa-le/renew-le.sh"
    - service:
        name: httpd
        state: restarted

rcritten commented 4 years ago

Ok cool, marking this as done.