[Pkg-freeipa-devel] Bug#898543: Bug#898543: nss-pem available

Timo Aaltonen tjaalton at debian.org
Wed Oct 7 20:31:13 BST 2020


On 7.10.2020 19.11, Harry Coin wrote:
> On Fri, 25 Sep 2020 11:46:16 +0300 Timo Aaltonen <tjaalton at debian.org>
> wrote:
>>
>> Hi,
>>
>> This bug shouldn't happen anymore, as nss-pem is used. There's another
>> bug (970880) preventing server install right now though.
>>
>> --
>> t
>>
>>
>    File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py",
> line 484, in configure_instance
>      self.start_creation(runtime=runtime)
>    File "/usr/lib/python3/dist-packages/ipaserver/install/service.py",
> line 606, in start_creation
>      run_step(full_msg, method)
>    File "/usr/lib/python3/dist-packages/ipaserver/install/service.py",
> line 592, in run_step
>      method()
>    File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py",
> line 880, in __request_ra_certificate
>      reqId = certmonger.request_and_wait_for_cert(
>    File "/usr/lib/python3/dist-packages/ipalib/install/certmonger.py",
> line 409, in request_and_wait_for_cert
>      raise RuntimeError(
> 
> 2020-10-07T14:45:28Z DEBUG The ipa-server-install command failed,
> exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE:
> Error 35 connecting to
> https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview:
> SSL connect error.)
> 2020-10-07T14:45:28Z ERROR Certificate issuance failed (CA_UNREACHABLE:
> Error 35 connecting to
> https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview:
> SSL connect error.)
> 2020-10-07T14:45:28Z ERROR The ipa-server-install command failed. See
> /var/log/ipaserver-install.log for more information
> 
> ...
> 
>   [11/30]: starting certificate server instance
>    [12/30]: configure certmonger for renewals
>    [13/30]: requesting RA certificate from CA
>    [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE:
> Error 35 connecting to
> https://registry1.1.quietfountain.com:8443/ca/agent/ca//profileReview:
> SSL connect error.)
> 
> _______________________________________________
> Pkg-freeipa-devel mailing list
> Pkg-freeipa-devel at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-freeipa-devel
> 

No need to post it here, as I said 970880 is the other bug. Upstream is 
looking at it.

-- 
t



More information about the Pkg-freeipa-devel mailing list