Closed senare closed 3 years ago
Fine by me, thanks for opening the PR
Shouldn't that be "-passin" instead of "-passout"?
Idk, I tested using it as is and it seems to work. But I will have a look and see if I can answer that!
No, I believe it's correct. It's just really confusingly named arguments ...
But we are referring to the password (file), i.e. "/var/lib/ipa/passwds/$HOSTNAME-443-RSA", for the out, i.e. "httpd-csr.der"
REF =>> man
Pass Phrase Options
Several commands accept password arguments, typically using -passin and -passout for input and output passwords respectively. These allow the password to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.
Well, when I used the command I was prompted for input of a password (which I could not provide as it was automatically generated during setup of the freeipa-server) so I had to abort the generation. But using the -passin option the password for the private key was read from the existing password file and the generation succeeded.
Interestingly enough, I'm running into issues using both -passin and -passout.
While deploying a LE cert using this branch, it fails at this point:
ipapython.admintool: INFO: The ipa-certupdate command was successful
/root/freeipa-letsencrypt/renew-le.sh: line 29: OPENSSL_EXTRA_ARGS: unbound variable
This will happen when running bash with set -u and the file doesn't exist, as described here: https://www.gnu.org/software/bash/manual/html_node/The-Set-Builtin.html
I changed the bash conditional to handle this properly. Please pull and try again if this is still blocking you @Striploin
I think this is ready to merge, @mkosek would you mind taking a look whenever you have a chance?
Please use git rebase -i master and fold these two commits into the same one.
Thanks for the quick response. Rebase is complete.
LGTM.
Just ran the current master with "-passout" option and was still prompted for a password. I found this MR and changed the renew-le.sh file to be "-passin" instead and it worked. My guess is the openssl command needs to use the httpd.key file to create the CSR and it needs the passwd file as an input to access the httpd.key.
@PrimordialKangaroo please submit a separate PR with your change.
I confirm that it should be -passin in CentOS 8. Just ran into this problem today.
https://github.com/freeipa/freeipa-letsencrypt/issues/18
Hi, this seems to do the trick, at least for me! So I would like to see that change merged?
I am not sure how to go about that, but it seems I can create a PR? Hope that is fine with @thinkmassive?
(CentOS 8 btw ..)
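The -passin/-passout behaviour discussed in this thread, as an added example that is not part of the PR or of renew-le.sh: it writes an encrypted key with -passout, then tries to build a CSR from that key with each option and no terminal available. The passphrase, key.pass, the subject and the temporary directory are constructed for the demo, the use of OPENSSL_EXTRA_ARGS as optional extra openssl arguments is an assumption, and it needs openssl plus coreutils timeout.

```sh
#!/bin/sh
# Added example. The key, password file and subject are constructed for the demo;
# nothing here is taken from renew-le.sh.
set -eu

# Assumed meaning: optional extra openssl arguments. ${VAR:-} expands to an empty
# string when the variable is unset, so `set -u` does not abort the script.
EXTRA_ARGS=${OPENSSL_EXTRA_ARGS:-}

# Write a password file and an encrypted RSA key into directory $1.
# -passout is correct here: the key is being written (output).
make_key() {
    ( umask 077; printf '%s\n' 'constructed-demo-passphrase' > "$1/key.pass" )
    openssl genrsa -aes256 -passout "file:$1/key.pass" \
        -out "$1/httpd.key" 2048 2>/dev/null
}

# Create a DER CSR from the encrypted key in $1 using password option $2.
# The key is being read (input), so only -passin can unlock it.
# stdin is /dev/null and timeout bounds the call, so a password prompt
# becomes a failure instead of a hang, as it would under cron.
make_csr() {
    # shellcheck disable=SC2086  # EXTRA_ARGS is split into words on purpose
    timeout 10 openssl req -new -batch -subj '/CN=ipa.example.test' \
        -key "$1/httpd.key" "$2" "file:$1/key.pass" \
        -outform DER -out "$1/httpd-csr.der" $EXTRA_ARGS \
        </dev/null >/dev/null 2>&1
}

# Succeeds only if -passout fails to unlock the key and -passin produces
# a CSR whose self-signature verifies.
demo() {
    dir=$(mktemp -d)
    rc=0
    make_key "$dir" || rc=1
    if make_csr "$dir" -passout; then rc=1; fi
    make_csr "$dir" -passin || rc=1
    openssl req -inform DER -in "$dir/httpd-csr.der" -noout -verify \
        >/dev/null 2>&1 || rc=1
    rm -rf "$dir"
    return "$rc"
}

if command -v openssl >/dev/null 2>&1; then
    demo && echo "passin: CSR created; passout: key not unlocked"
fi
```

Run from an interactive terminal, the -passout attempt may take the full timeout before it is reported as failed.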