GAURAV Pande via FreeIPA-users wrote:
Hi Florence , Rob
FreeIPA Version is : 4.6.8
Apologies if i might sound stupid here but iam kinda confuse , could you let me know what exactly needs removal and how can i remove it or command via yum ?
I don't know what you've done. I assume you installed certbot which requires mod_ssl, so you installed that too. The problem is that IPA in RHEL 7 uses mod_nss so now you have two crypto providers.
mod_nss doesn't use PEM files so you'd need to use ipa-server-certinstall to load the LE cert and key into IPA.
Removing mod_ssl is trivial: rpm -e mod_ssl (or yum erase if you prefer)
That should also remove /etc/httpd/conf.d/ssl.conf but you'll want to confirm it. Just removing the file is not sufficient because mod_ssl will re-create it the next time the package is updated.
Also regarding statement : "freeipa-letsencrypt does not support RHEL 7-based systems" could you let me know what OS this repo will support and is it FreeIPA limitation or Let's Encrypt (which i doubt the later one)
To be clear, freeipa-letsencrypt was created for our own purposes and we open sourced as we do most things but it has absolute bare bones support. It is not meant to, and will never, be the swiss army knife of LE installs with IPA.
It isn't supported in RHEL 7 because we never needed it in RHEL 7. There are no plans to add support and in fact even a contribution would likely not be accepted since it would most probably atrophy.
rob