GAURAV Pande via FreeIPA-users wrote:
Hi Florence , Rob
FreeIPA Version is : 4.6.8
Apologies if i might sound stupid here but iam kinda confuse , could you let me know what
exactly needs removal and how can i remove it or command via yum ?
I don't know what you've done. I assume you installed certbot which
requires mod_ssl, so you installed that too. The problem is that IPA in
RHEL 7 uses mod_nss so now you have two crypto providers.
mod_nss doesn't use PEM files so you'd need to use
ipa-server-certinstall to load the LE cert and key into IPA.
Removing mod_ssl is trivial: rpm -e mod_ssl (or yum erase if you prefer)
That should also remove /etc/httpd/conf.d/ssl.conf but you'll want to
confirm it. Just removing the file is not sufficient because mod_ssl
will re-create it the next time the package is updated.
Also regarding statement : "freeipa-letsencrypt does not support
RHEL 7-based systems" could you let me know what OS this repo will support and is it
FreeIPA limitation or Let's Encrypt (which i doubt the later one)
To be clear, freeipa-letsencrypt was created for our own purposes and we
open sourced as we do most things but it has absolute bare bones
support. It is not meant to, and will never, be the swiss army knife of
LE installs with IPA.
It isn't supported in RHEL 7 because we never needed it in RHEL 7. There
are no plans to add support and in fact even a contribution would likely
not be accepted since it would most probably atrophy.
rob