I try to install FreeIPA next to ipsilon with a letsencrypt certificate on centos 7.
Except for the certificate everything works fine.
[root@ipa freeipa-letsencrypt]# bash -x setup-le.sh
+ set -o nounset -o errexit
+++ realpath setup-le.sh
++ dirname /root/freeipa-letsencrypt/setup-le.sh
+ WORKDIR=/root/freeipa-letsencrypt
+ dnf install letsencrypt -y
Letzte Prรผfung auf abgelaufene Metadaten: vor 13:51:02 am Mo 25 Mai 2020 17:50:19 UTC.
Package certbot-1.3.0-1.el7.noarch is already installed.
Abhรคngigkeiten sind aufgelรถst.
Nichts zu tun.
Fertig.
+ ipa-cacert-manage install /root/freeipa-letsencrypt/ca/DSTRootCAX3.pem -n DSTRootCAX3 -t C,,
Installing CA certificate, please wait
Verified DSTRootCAX3
CA certificate successfully installed
The ipa-cacert-manage command was successful
+ ipa-certupdate -v
ipapython.admintool: DEBUG: Not logging to a file
ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.remote_plugins.schema$6ea52b69...
ipalib.plugable: DEBUG: importing plugin module ipaclient.remote_plugins.schema$6ea52b69.plugins
ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.plugins...
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automember
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automount
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.ca
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.cert
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certmap
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certprofile
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.csrgen
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.dns
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbacrule
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbactest
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.host
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.idrange
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.internal
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.location
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.migration
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.misc
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.otptoken
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.otptoken_yubikey
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.passwd
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.permission
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.rpcclient
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.server
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.service
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.sudorule
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.topology
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.trust
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.user
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.vault
ipalib.rpc: DEBUG: found session_cookie in persistent storage for principal 'host/[email protected]', cookie: 'ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d'
ipalib.rpc: DEBUG: setting session_cookie into context 'ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;'
ipalib.rpc: INFO: trying https://ipa.makerspace-gt.de/ipa/session/json
ipalib.backend: DEBUG: Created connection context.rpcclient_140371180083856
ipalib.install.kinit: DEBUG: Initializing principal host/[email protected] using keytab /etc/krb5.keytab
ipalib.install.kinit: DEBUG: using ccache /tmp/tmp-9tCQD5/ccache
ipalib.install.kinit: DEBUG: Attempt 1/1: success
ipalib.frontend: DEBUG: raw: ca_is_enabled(version=u'2.107')
ipalib.frontend: DEBUG: ca_is_enabled(version=u'2.107')
ipalib.rpc: INFO: [try 1]: Forwarding 'ca_is_enabled/1' to json server 'https://ipa.makerspace-gt.de/ipa/session/json'
ipalib.rpc: DEBUG: New HTTP connection (ipa.makerspace-gt.de)
ipalib.rpc: DEBUG: received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;path=/ipa;httponly;secure;']'
ipalib.rpc: DEBUG: storing cookie 'ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;' for principal host/[email protected]
ipapython.ipaldap: DEBUG: retrieving schema for SchemaCache url=ldap://ipa.makerspace-gt.de:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7faab60da1b8>
ipalib.frontend: DEBUG: raw: ca_find(None, version=u'2.231')
ipalib.frontend: DEBUG: ca_find(None, version=u'2.231')
ipalib.rpc: INFO: [try 1]: Forwarding 'ca_find/1' to json server 'https://ipa.makerspace-gt.de/ipa/session/json'
ipalib.rpc: DEBUG: HTTP connection keep-alive (ipa.makerspace-gt.de)
ipalib.rpc: DEBUG: received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;path=/ipa;httponly;secure;']'
ipalib.rpc: DEBUG: storing cookie 'ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;' for principal host/[email protected]
ipalib.install.sysrestore: DEBUG: Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n MAKERSPACE-GT.DE IPA CA -t CT,C,C -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n DSTRootCAX3 -t C,, -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n letsencryptx3 -t C,, -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n letsencryptx3 -t C,, -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n ISRGRootCAX1 -t C,, -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl is-active [email protected]
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=active
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl --system daemon-reload
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl restart [email protected]
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl is-active [email protected]
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=active
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: wait_for_open_ports: localhost [389] timeout 300
ipapython.ipautil: DEBUG: waiting for port: 389
ipapython.ipautil: DEBUG: SUCCESS: port: 389
ipaplatform.base.services: DEBUG: Restart of [email protected] complete
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n MAKERSPACE-GT.DE IPA CA -t CT,C,C -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n DSTRootCAX3 -t C,, -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n letsencryptx3 -t C,, -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n letsencryptx3 -t C,, -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n ISRGRootCAX1 -t C,, -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=active
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl restart httpd.service
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=active
ipapython.ipautil: DEBUG: stderr=
ipaplatform.base.services: DEBUG: Restart of httpd.service complete
ipaclient.install.ipa_certupdate: DEBUG: resubmitting certmonger request '20200525172055'
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'GENERATING_CSR', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'PRE_SAVE_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'MONITORING', variant_level=1)
ipaclient.install.ipa_certupdate: DEBUG: modifying certmonger request '20200525172055'
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -L -n IPA CA -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=255
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: IPA CA
: PR_FILE_NOT_FOUND_ERROR: File not found
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -L -n External CA cert -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=255
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: External CA cert
: PR_FILE_NOT_FOUND_ERROR: File not found
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n MAKERSPACE-GT.DE IPA CA -t CT,C,C -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n DSTRootCAX3 -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n letsencryptx3 -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n letsencryptx3 -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n ISRGRootCAX1 -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
ipalib.backend: DEBUG: Destroyed connection context.rpcclient_140371180083856
ipapython.admintool: INFO: The ipa-certupdate command was successful
+ ipa-cacert-manage install /root/freeipa-letsencrypt/ca/LetsEncryptAuthorityX3.pem -n letsencryptx3 -t C,,
Installing CA certificate, please wait
Verified letsencryptx3
CA certificate successfully installed
The ipa-cacert-manage command was successful
+ ipa-certupdate -v
ipapython.admintool: DEBUG: Not logging to a file
ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.remote_plugins.schema$6ea52b69...
ipalib.plugable: DEBUG: importing plugin module ipaclient.remote_plugins.schema$6ea52b69.plugins
ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.plugins...
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automember
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automount
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.ca
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.cert
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certmap
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certprofile
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.csrgen
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.dns
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbacrule
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbactest
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.host
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.idrange
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.internal
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.location
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.migration
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.misc
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.otptoken
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.otptoken_yubikey
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.passwd
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.permission
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.rpcclient
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.server
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.service
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.sudorule
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.topology
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.trust
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.user
ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.vault
ipalib.rpc: DEBUG: found session_cookie in persistent storage for principal 'host/[email protected]', cookie: 'ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d'
ipalib.rpc: DEBUG: setting session_cookie into context 'ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;'
ipalib.rpc: INFO: trying https://ipa.makerspace-gt.de/ipa/session/json
ipalib.backend: DEBUG: Created connection context.rpcclient_140360143559248
ipalib.install.kinit: DEBUG: Initializing principal host/[email protected] using keytab /etc/krb5.keytab
ipalib.install.kinit: DEBUG: using ccache /tmp/tmp-WRn7d9/ccache
ipalib.install.kinit: DEBUG: Attempt 1/1: success
ipalib.frontend: DEBUG: raw: ca_is_enabled(version=u'2.107')
ipalib.frontend: DEBUG: ca_is_enabled(version=u'2.107')
ipalib.rpc: INFO: [try 1]: Forwarding 'ca_is_enabled/1' to json server 'https://ipa.makerspace-gt.de/ipa/session/json'
ipalib.rpc: DEBUG: New HTTP connection (ipa.makerspace-gt.de)
ipalib.rpc: DEBUG: received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;path=/ipa;httponly;secure;']'
ipalib.rpc: DEBUG: storing cookie 'ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;' for principal host/[email protected]
ipapython.ipaldap: DEBUG: retrieving schema for SchemaCache url=ldap://ipa.makerspace-gt.de:389 conn=<ldap.ldapobject.SimpleLDAPObject instance at 0x7fa824399200>
ipalib.frontend: DEBUG: raw: ca_find(None, version=u'2.231')
ipalib.frontend: DEBUG: ca_find(None, version=u'2.231')
ipalib.rpc: INFO: [try 1]: Forwarding 'ca_find/1' to json server 'https://ipa.makerspace-gt.de/ipa/session/json'
ipalib.rpc: DEBUG: HTTP connection keep-alive (ipa.makerspace-gt.de)
ipalib.rpc: DEBUG: received Set-Cookie (<type 'list'>)'['ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;path=/ipa;httponly;secure;']'
ipalib.rpc: DEBUG: storing cookie 'ipa_session=MagBearerToken=vzJPmp6JZHhpL88ue2RPKd3hPfU0%2bTx%2btu7CuXQhZwpn8pUPyzRxr39Bty3jE4E7IffqzgodKW2VlnCDuFLnEKpWExG2hzv9XDQ0TJmnBd%2b9TiIJm7OeHvUWRh67gosf8fqPl3VSn%2fZmFDepDSmDwfBBEsvcF2%2bdCnxEAHQKmkcB0mBolWnSbpXSsQIqg2r5rwHD1iYfv0XwNZ3XpDXCSl4oA8zaTUVOLfToQng0MsDUVShGeyR%2bKkT5IJ38Cx5kTmWB7grOG0Y1vFxNd0hgushiIyLMgsutJtaUxjRcIi0%3d;' for principal host/[email protected]
ipalib.install.sysrestore: DEBUG: Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n MAKERSPACE-GT.DE IPA CA -t CT,C,C -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n DSTRootCAX3 -t C,, -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n letsencryptx3 -t C,, -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n letsencryptx3 -t C,, -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/dirsrv/slapd-MAKERSPACE-GT-DE -A -n ISRGRootCAX1 -t C,, -a -f /etc/dirsrv/slapd-MAKERSPACE-GT-DE/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl is-active [email protected]
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=active
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl --system daemon-reload
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl restart [email protected]
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl is-active [email protected]
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=active
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: wait_for_open_ports: localhost [389] timeout 300
ipapython.ipautil: DEBUG: waiting for port: 389
ipapython.ipautil: DEBUG: SUCCESS: port: 389
ipaplatform.base.services: DEBUG: Restart of [email protected] complete
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n MAKERSPACE-GT.DE IPA CA -t CT,C,C -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n DSTRootCAX3 -t C,, -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n letsencryptx3 -t C,, -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n letsencryptx3 -t C,, -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/httpd/alias -A -n ISRGRootCAX1 -t C,, -a -f /etc/httpd/alias/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=active
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl restart httpd.service
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/bin/systemctl is-active httpd.service
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=active
ipapython.ipautil: DEBUG: stderr=
ipaplatform.base.services: DEBUG: Restart of httpd.service complete
ipaclient.install.ipa_certupdate: DEBUG: resubmitting certmonger request '20200525172055'
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'GENERATING_CSR', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'SUBMITTING', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'PRE_SAVE_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'PRE_SAVE_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'POST_SAVED_CERT', variant_level=1)
ipalib.install.certmonger: DEBUG: certmonger request is in state dbus.String(u'MONITORING', variant_level=1)
ipaclient.install.ipa_certupdate: DEBUG: modifying certmonger request '20200525172055'
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -L -n IPA CA -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=255
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: IPA CA
: PR_FILE_NOT_FOUND_ERROR: File not found
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -L -n External CA cert -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=255
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=certutil: Could not find cert: External CA cert
: PR_FILE_NOT_FOUND_ERROR: File not found
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n MAKERSPACE-GT.DE IPA CA -t CT,C,C -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n DSTRootCAX3 -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n letsencryptx3 -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n letsencryptx3 -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/certutil -d dbm:/etc/ipa/nssdb -A -n ISRGRootCAX1 -t C,, -a -f /etc/ipa/nssdb/pwdfile.txt
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=/usr/bin/update-ca-trust
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipaplatform.redhat.tasks: INFO: Systemwide CA database updated.
ipalib.backend: DEBUG: Destroyed connection context.rpcclient_140360143559248
ipapython.admintool: INFO: The ipa-certupdate command was successful
+ /root/freeipa-letsencrypt/renew-le.sh --first-time
Error opening Private Key /var/lib/ipa/private/httpd.key
140147027949456:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('/var/lib/ipa/private/httpd.key','r')
140147027949456:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404:
unable to load Private Key