Hello. Trying to enroll Ubuntu 24.04 to domain, but it says "certificate verify failed: Hostname mismatch, certificate is not valid for 'ipa2.dom.loc'. (_ssl.c :1000)" But when I trying ipa web adress via browser it's seems fine. It's selfsigned like always, but date and name are fine. And just recently I have successfully added another one host How can I fix it? Maybe I can disable certificate checking somehow, just for start?
sudo ipa-client-install --hostname dit-ntb-spc39-1797875.dom.loc --server=ipa2.dom.loc --enable-dns-updates --domain dom.loc --mkhomedir -p admin -w Password --force-join
This program will set up IPA client.
Version 4.11.1
WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd
Using existing certificate '/etc/ipa/ca.crt'.
Autodiscovery of servers for failover cannot work with this configuration.
If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure.
Proceed with fixed values and no DNS discovery? [no]: y
Do you want to configure chrony with NTP server or pool address? [no]:
Client hostname: dit-ntb-spc39-1797875.dom.loc
Realm: dom.loc
DNS Domain: dom.loc
IPA Server: ipa2.dom.loc
BaseDN: dc=l3874,dc=ru
Continue to configure the system with these values? [no]: y
Removed old keys for realm dom.loc from /etc/krb5.keytab
Synchronizing time
Configuration of chrony was changed by installer.
Attempting to sync time with chronyc.
Time synchronization was successful.
Enrolled in IPA realm dom.loc
Created /etc/ipa/default.conf
Domain dom.loc is already configured in existing SSSD config, creating a new one.
The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall.
Configured /etc/sssd/sssd.conf
Connection to https://ipa2.dom.loc/ipa/json failed with [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'ipa2.dom.loc'. (_ssl.c :1000)
Connection to https://ipa.dom.loc/ipa/json failed with [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'ipa.dom.loc'. (_ssl.c:1000)
cannot connect to 'любой из настроенных серверов': https://ipa2.dom.loc/ipa/json, https://ipa.dom.loc/ipa/json
The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information