freeipa / freeipa-letsencrypt

A quick hack allowing to use Let's Encrypt certificates for FreeIPA web interface.

Problem installing ssl to freeipa #38

Open Sk1v opened 3 years ago

Sk1v commented 3 years ago

Hello everyone. After installing ipa-server-install and snapd, I run and get this error. Please tell me what to do with it.

Brief information about the system: Red Hat Enterprise Linux 8, RAM 4GB, 2 core CPU

Failed to set locale, defaulting to C.UTF-8
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Last metadata expiration check: 0:04:15 ago on Thu Jul  8 06:56:57 2021.
Dependencies resolved.
 Package                                                       Architecture                               Version                                           Repository                                Size
 certbot                                                       noarch                                     1.14.0-1.el8                                      epel                                      51 k
Installing dependencies:
 python3-acme                                                  noarch                                     1.14.0-1.el8                                      epel                                      88 k
 python3-certbot                                               noarch                                     1.14.0-1.el8                                      epel                                     391 k
 python3-configargparse                                        noarch                                     0.14.0-6.el8                                      epel                                      36 k
 python3-josepy                                                noarch                                     1.8.0-1.el8                                       epel                                     102 k
 python3-parsedatetime                                         noarch                                     2.5-1.el8                                         epel                                      79 k
 python3-pyrfc3339                                             noarch                                     1.1-1.el8                                         epel                                      19 k
 python3-requests-toolbelt                                     noarch                                     0.9.1-4.el8                                       epel                                      91 k
 python3-zope-component                                        noarch                                     4.3.0-8.el8                                       epel                                     313 k
 python3-zope-event                                            noarch                                     4.2.0-12.el8                                      epel                                     210 k
 python3-zope-interface                                        x86_64                                     4.6.0-1.el8                                       epel                                     158 k
Installing weak dependencies:
 python-josepy-doc                                             noarch                                     1.8.0-1.el8                                       epel                                      22 k

Transaction Summary
Install  12 Packages

Total download size: 1.5 M
Installed size: 5.8 M
Downloading Packages:
(1/12): python-josepy-doc-1.8.0-1.el8.noarch.rpm                                                                                                                           611 kB/s |  22 kB     00:00    
(2/12): python3-acme-1.14.0-1.el8.noarch.rpm                                                                                                                               2.2 MB/s |  88 kB     00:00    
(3/12): certbot-1.14.0-1.el8.noarch.rpm                                                                                                                                    1.2 MB/s |  51 kB     00:00    
(4/12): python3-configargparse-0.14.0-6.el8.noarch.rpm                                                                                                                     5.3 MB/s |  36 kB     00:00    
(5/12): python3-josepy-1.8.0-1.el8.noarch.rpm                                                                                                                               13 MB/s | 102 kB     00:00    
(6/12): python3-certbot-1.14.0-1.el8.noarch.rpm                                                                                                                             23 MB/s | 391 kB     00:00    
(7/12): python3-parsedatetime-2.5-1.el8.noarch.rpm                                                                                                                         9.4 MB/s |  79 kB     00:00    
(8/12): python3-pyrfc3339-1.1-1.el8.noarch.rpm                                                                                                                             2.9 MB/s |  19 kB     00:00    
(9/12): python3-zope-event-4.2.0-12.el8.noarch.rpm                                                                                                                          19 MB/s | 210 kB     00:00    
(10/12): python3-requests-toolbelt-0.9.1-4.el8.noarch.rpm                                                                                                                  5.2 MB/s |  91 kB     00:00    
(11/12): python3-zope-interface-4.6.0-1.el8.x86_64.rpm                                                                                                                      16 MB/s | 158 kB     00:00    
(12/12): python3-zope-component-4.3.0-8.el8.noarch.rpm                                                                                                                     7.1 MB/s | 313 kB     00:00    
Total                                                                                                                                                                       11 MB/s | 1.5 MB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                   1/1 
  Installing       : python3-zope-event-4.2.0-12.el8.noarch                                                                                                                                           1/12 
  Installing       : python3-zope-interface-4.6.0-1.el8.x86_64                                                                                                                                        2/12 
  Installing       : python3-pyrfc3339-1.1-1.el8.noarch                                                                                                                                               3/12 
  Installing       : python3-zope-component-4.3.0-8.el8.noarch                                                                                                                                        4/12 
  Installing       : python3-requests-toolbelt-0.9.1-4.el8.noarch                                                                                                                                     5/12 
  Installing       : python3-parsedatetime-2.5-1.el8.noarch                                                                                                                                           6/12 
  Installing       : python3-configargparse-0.14.0-6.el8.noarch                                                                                                                                       7/12 
  Installing       : python-josepy-doc-1.8.0-1.el8.noarch                                                                                                                                             8/12 
  Installing       : python3-josepy-1.8.0-1.el8.noarch                                                                                                                                                9/12 
  Installing       : python3-acme-1.14.0-1.el8.noarch                                                                                                                                                10/12 
  Installing       : python3-certbot-1.14.0-1.el8.noarch                                                                                                                                             11/12 
  Installing       : certbot-1.14.0-1.el8.noarch                                                                                                                                                     12/12 
  Running scriptlet: certbot-1.14.0-1.el8.noarch                                                                                                                                                     12/12 
  Verifying        : certbot-1.14.0-1.el8.noarch                                                                                                                                                      1/12 
  Verifying        : python-josepy-doc-1.8.0-1.el8.noarch                                                                                                                                             2/12 
  Verifying        : python3-acme-1.14.0-1.el8.noarch                                                                                                                                                 3/12 
  Verifying        : python3-certbot-1.14.0-1.el8.noarch                                                                                                                                              4/12 
  Verifying        : python3-configargparse-0.14.0-6.el8.noarch                                                                                                                                       5/12 
  Verifying        : python3-josepy-1.8.0-1.el8.noarch                                                                                                                                                6/12 
  Verifying        : python3-parsedatetime-2.5-1.el8.noarch                                                                                                                                           7/12 
  Verifying        : python3-pyrfc3339-1.1-1.el8.noarch                                                                                                                                               8/12 
  Verifying        : python3-requests-toolbelt-0.9.1-4.el8.noarch                                                                                                                                     9/12 
  Verifying        : python3-zope-component-4.3.0-8.el8.noarch                                                                                                                                       10/12 
  Verifying        : python3-zope-event-4.2.0-12.el8.noarch                                                                                                                                          11/12 
  Verifying        : python3-zope-interface-4.6.0-1.el8.x86_64                                                                                                                                       12/12 
Installed products updated.

  certbot-1.14.0-1.el8.noarch                          python-josepy-doc-1.8.0-1.el8.noarch              python3-acme-1.14.0-1.el8.noarch               python3-certbot-1.14.0-1.el8.noarch              
  python3-configargparse-0.14.0-6.el8.noarch           python3-josepy-1.8.0-1.el8.noarch                 python3-parsedatetime-2.5-1.el8.noarch         python3-pyrfc3339-1.1-1.el8.noarch               
  python3-requests-toolbelt-0.9.1-4.el8.noarch         python3-zope-component-4.3.0-8.el8.noarch         python3-zope-event-4.2.0-12.el8.noarch         python3-zope-interface-4.6.0-1.el8.x86_64        

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1939  100  1939    0     0  11680      0 --:--:-- --:--:-- --:--:-- 11751
Installing CA certificate, please wait
Verified CN=ISRG Root X1,O=Internet Security Research Group,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   790  100   790    0     0  12343      0 --:--:-- --:--:-- --:--:-- 12343
Installing CA certificate, please wait
Verified CN=ISRG Root X2,O=Internet Security Research Group,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1826  100  1826    0     0  22825      0 --:--:-- --:--:-- --:--:-- 22825
Installing CA certificate, please wait
Verified CN=R3,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1021  100  1021    0     0  12451      0 --:--:-- --:--:-- --:--:-- 12451
Installing CA certificate, please wait
Verified CN=E1,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1826  100  1826    0     0  67629      0 --:--:-- --:--:-- --:--:-- 67629
Installing CA certificate, please wait
Verified CN=R4,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1021  100  1021    0     0  72928      0 --:--:-- --:--:-- --:--:-- 72928
Installing CA certificate, please wait
Verified CN=E2,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
Systemwide CA database updated.
Systemwide CA database updated.
The ipa-certupdate command was successful
Enter pass phrase for /var/lib/ipa/private/httpd.key:
unable to load Private Key
139901708355392:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:616:
139901708355392:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:63:
139901708355392:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto/pkcs12/p12_decr.c:94:
139901708355392:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

rcritten commented 3 years ago

Try it with this change:

Sk1v commented 3 years ago

> Try it with this change: #34

This happens exactly when I started installation (

I added this to description

rcritten commented 3 years ago

What happens when you started installation? The failure to set locale?

That is unrelated. The problem is the private key can't be decrypted.
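
The "bad decrypt" error in the log is what OpenSSL reports when an encrypted PEM key is opened without the right passphrase. The sketch below is an added example, not code from this repository or from the change referenced in the thread: it classifies a key by its PEM armor and refuses to call `openssl` unless a passphrase file is available, so a script fails early instead of prompting. The function names and the passphrase-file argument are assumptions; the page does not say where the passphrase is stored.

```shell
#!/bin/sh
# Added example: decide from the PEM armor whether a key needs a passphrase.
# pem_key_kind, passin_arg and check_key are hypothetical helper names.

# Print one of: pkcs8-encrypted, legacy-encrypted, plain, unknown
pem_key_kind() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo pkcs8-encrypted      # PKCS#8 EncryptedPrivateKeyInfo
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo legacy-encrypted     # traditional PEM encryption header
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plain
    else
        echo unknown
    fi
}

# Print the value for openssl's -passin option (empty for a plain key).
# $1 = key file, $2 = passphrase file chosen by the caller (placeholder path).
passin_arg() {
    case "$(pem_key_kind "$1")" in
        plain) echo "" ;;
        pkcs8-encrypted|legacy-encrypted)
            if [ -r "$2" ] && [ -s "$2" ]; then
                echo "file:$2"
            else
                echo "$1 is encrypted and no passphrase file is readable" >&2
                return 2
            fi ;;
        *) echo "$1 is not a PEM private key" >&2; return 1 ;;
    esac
}

# Prove the key loads without ever showing a pass phrase prompt.
check_key() {
    arg=$(passin_arg "$1" "$2") || return
    if [ -n "$arg" ]; then
        openssl pkey -in "$1" -noout -passin "$arg"
    else
        openssl pkey -in "$1" -noout
    fi
}

# Usage: sh this-file /var/lib/ipa/private/httpd.key <passphrase-file>
if [ "$#" -eq 2 ]; then check_key "$1" "$2"; fi
```

A non-zero exit from `check_key` with a passphrase file supplied means the passphrase in that file does not match the key.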

Sk1v commented 3 years ago

> What happens when you started installation? The failure to set locale?
>
> That is unrelated. The problem is the private key can't be decrypted.

When I run the script to install ssl (, then I get an error that is written at the end of the log that I described

Enter pass phrase for /var/lib/ipa/private/httpd.key:
unable to load Private Key
139901708355392:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:616:
139901708355392:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:63:
139901708355392:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto/pkcs12/p12_decr.c:94:
139901708355392:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

rcritten commented 3 years ago

Right, try it with the patch I pointed to.

strongy commented 3 years ago

> Try it with this change: #34

this worked for me thanks

Sk1v commented 3 years ago

> Right, try it with the patch I pointed to.

Unfortunately didn't work for me

rcritten commented 3 years ago

Can you please be more specific? What didn't work? Did the behavior change?