[Pkg-freeipa-devel] Bug#898543: nss-pem available

Harry Coin harrycoin at aol.com
Wed Oct 7 17:11:45 BST 2020


On Fri, 25 Sep 2020 11:46:16 +0300 Timo Aaltonen <tjaalton at debian.org>
wrote:
>
> Hi,
>
> This bug shouldn't happen anymore, as nss-pem is used. There's another
> bug (970880) preventing server install right now though.
>
> --
> t
>
>
  File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py",
line 484, in configure_instance
    self.start_creation(runtime=runtime)
  File "/usr/lib/python3/dist-packages/ipaserver/install/service.py",
line 606, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python3/dist-packages/ipaserver/install/service.py",
line 592, in run_step
    method()
  File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py",
line 880, in __request_ra_certificate
    reqId = certmonger.request_and_wait_for_cert(
  File "/usr/lib/python3/dist-packages/ipalib/install/certmonger.py",
line 409, in request_and_wait_for_cert
    raise RuntimeError(

2020-10-07T14:45:28Z DEBUG The ipa-server-install command failed,
exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE:
Error 35 connecting to
https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview:
SSL connect error.)
2020-10-07T14:45:28Z ERROR Certificate issuance failed (CA_UNREACHABLE:
Error 35 connecting to
https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview:
SSL connect error.)
2020-10-07T14:45:28Z ERROR The ipa-server-install command failed. See
/var/log/ipaserver-install.log for more information

...

 [11/30]: starting certificate server instance
  [12/30]: configure certmonger for renewals
  [13/30]: requesting RA certificate from CA
  [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE:
Error 35 connecting to
https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview:
SSL connect error.)



More information about the Pkg-freeipa-devel mailing list