10:16 a.m.
Florence Blanc-Renaud via FreeIPA-users wrote:
On 11/17/18 10:29 PM, c.monty--- via FreeIPA-users wrote:
> Hi,
> the installation fails in step
> Configuring the web interface (httpd) - [19/21]: starting httpd
>
> The error details are here:
> [root@vm200-freeipa ~]# tail /var/log/ipaserver-install.log
> File
> "/usr/lib/python3.7/site-packages/ipaserver/install/service.py", line
> 497, in start
> self.service.start(instance_name, capture_output=capture_output,
> wait=wait)
> File
> "/usr/lib/python3.7/site-packages/ipaplatform/base/services.py", line
> 302, in start
> skip_output=not capture_output)
> File "/usr/lib/python3.7/site-packages/ipapython/ipautil.py", line
> 573, in run
> p.returncode, arg_string, output_log, error_log
>
> 2018-11-17T21:12:05Z DEBUG The ipa-server-install command failed,
> exception: CalledProcessError: CalledProcessError(Command
> ['/bin/systemctl', 'start', 'httpd.service'] returned
non-zero exit
> status 1: 'Job for httpd.service failed because the control process
> exited with error code.\nSee "systemctl status httpd.service" and
> "journalctl -xe" for details.\n')
> 2018-11-17T21:12:05Z ERROR CalledProcessError(Command
> ['/bin/systemctl', 'start', 'httpd.service'] returned
non-zero exit
> status 1: 'Job for httpd.service failed because the control process
> exited with error code.\nSee "systemctl status httpd.service" and
> "journalctl -xe" for details.\n')
> 2018-11-17T21:12:05Z ERROR The ipa-server-install command failed. See
> /var/log/ipaserver-install.log for more information
>
> [root@vm200-freeipa ~]# tail /var/log/httpd/error_log
> [Sat Nov 17 22:12:05.818963 2018] [ssl:emerg] [pid 3948:tid
> 139946752436480] SSL Library Error: error:0D0680A8:asn1 encoding
> routines:asn1_check_tlen:wrong tag
> [Sat Nov 17 22:12:05.818970 2018] [ssl:emerg] [pid 3948:tid
> 139946752436480] SSL Library Error: error:0D08303A:asn1 encoding
> routines:asn1_template_noexp_d2i:nested asn1 error
> [Sat Nov 17 22:12:05.818975 2018] [ssl:emerg] [pid 3948:tid
> 139946752436480] SSL Library Error: error:0D0680A8:asn1 encoding
> routines:asn1_check_tlen:wrong tag
> [Sat Nov 17 22:12:05.818981 2018] [ssl:emerg] [pid 3948:tid
> 139946752436480] SSL Library Error: error:0D07803A:asn1 encoding
> routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey)
> [Sat Nov 17 22:12:05.818994 2018] [ssl:emerg] [pid 3948:tid
> 139946752436480] SSL Library Error: error:04093004:rsa
> routines:old_rsa_priv_decode:RSA lib
> [Sat Nov 17 22:12:05.818999 2018] [ssl:emerg] [pid 3948:tid
> 139946752436480] SSL Library Error: error:0D0680A8:asn1 encoding
> routines:asn1_check_tlen:wrong tag
> [Sat Nov 17 22:12:05.819004 2018] [ssl:emerg] [pid 3948:tid
> 139946752436480] SSL Library Error: error:0D07803A:asn1 encoding
> routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
> [Sat Nov 17 22:12:05.819008 2018] [ssl:emerg] [pid 3948:tid
> 139946752436480] AH02311: Fatal error initialising mod_ssl, exiting.
> See /etc/httpd/logs/error_log for more information
> [Sat Nov 17 22:12:05.819011 2018] [ssl:emerg] [pid 3948:tid
> 139946752436480] AH02564: Failed to configure encrypted (?) private
> key ipa.biszumbitterenen.de:443:0, check /var/lib/ipa/private/httpd.key
> AH00016: Configuration Failed
>
> How can I fix this error and continue installation?
>
> THX
>
Hi,
which version of python{2|3}-pyasn1 is installed on your system (and
which OS)? There were known issues on CentOS depending on the pyasn1
version (FreeIPA install fails on CentOS 7 if pyasn1 0.3.2 is installed
[1]).
HTH,
flo
[1] https://pagure.io/freeipa/issue/7103
> _______________________________________________
It may also be due to a mismatch between the system hostname and the
bash $HOSTNAME in /usr/libexec/ipa/ipa-httpd-pwdreader
Apache sends the hostname, port and key type to the script and it
attempts to find the right key. The mechanism was changed in ticket
https://pagure.io/freeipa/issue/7528 to be more robust.
I never did figure out under what conditions the hostnames wouldn't match.
rob