Petar Kozić via FreeIPA-users wrote:
@Rob, sorry for duplicate mail, I forget to do reply to all
No, there is X1 and X3. I have whole chain in ca.crt
Where you think that I can install this let’s encrypt root on client
side, because on server I already have it in chain?
On IPA I installed on this way.
https://blog.soholabs.org/lets-encrypt-and-the-freeipa-web-gui/
The older ipa-client-install don't handle cert chains well. You can try
to add the roots to the global trust before running the installer via:
$ sudo cp ca.crt /usr/local/share/ca-certificates/
$ sudo update-ca-certificates
rob
On May 20, 2019 at 3:28:50 PM, Rob Crittenden (rcritten(a)redhat.com
<mailto:rcritten@redhat.com>) wrote:
> Petar Kozić via FreeIPA-users wrote:
> > Here is the log files. I just want to inform you that I have that
> > problem now also on Ubuntu 14.40 and Debian 8.
> > On Ubuntu ipa client version is 3.3, maybe problem is there.
> >
> > In mean time I enrolled several more Ubuntu 18.04 instances without
> > problem.
> >
> > On this Debian 8 and Ubuntu 14.40 I just try with options —ca-cert-file
> > which I copied from master but same error.
> >
>
> I have no visibility into what CA file you used but you're missing
> either the X3 subca or the X1 root.
>
> You can get them from
https://letsencrypt.org/certificates/
>
> Look at the ca.crt you used and see how many certificates are in there.
> I'm assuming there is only one. You can try concatenating the X1 and X3
> certs into that and things should work.
>
> rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...