Faraz Younus via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
writes:

> Hello,
>
> I'm getting failures when updating to a new certificate, whether it is an
> external one or Let's Encrypt. Previously, I successfully installed a
> Let's Encrypt certificate 15 days ago.
>
> I'm following the GitHub repo below to set up FreeIPA.
>
> https://github.com/freeipa/ansible-freeipa/tree/master/roles
>
> root#  ipa-server-certinstall -w -d ipa5.fixedandmobile.com.p12
>
> Peer's certificate issuer is not trusted (certutil: certificate is invalid:
> Peer's Certificate issuer is not recognized.
>
> ). Please run ipa-cacert-manage install and ipa-certupdate to install the
> CA certificate.
>
> The ipa-server-certinstall command failed.
>
> root# ipa-certupdate -v
>
> ipapython.admintool: DEBUG: Not logging to a file
>
> ipalib.rpc: DEBUG: failed to find session_cookie in persistent storage for
> principal 'ad...@fixedandmobile.com'
>
> ipalib.rpc: INFO: trying https://ipa5.fixedandmobile.com/ipa/json
>
> ipalib.rpc: DEBUG: New HTTP connection (ipa5.fixedandmobile.com)
>
> ipalib.backend: DEBUG: Created connection context.rpcclient_139889220220816
>
> ipalib.rpc: INFO: [try 1]: Forwarding 'schema' to json server '
> https://ipa5.fixedandmobile.com/ipa/json'
>
> ipalib.rpc: DEBUG: HTTP connection keep-alive (ipa5.fixedandmobile.com)
>
> ipalib.backend: DEBUG: Destroyed connection
> context.rpcclient_139889220220816
>
> ipalib.plugable: DEBUG: importing all plugin modules in
> ipaclient.remote_plugins.schema$79e69edd...
>
> ipalib.plugable: DEBUG: importing plugin module
> ipaclient.remote_plugins.schema$79e69edd.plugins
>
> ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.plugins...
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automember
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automount
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.ca
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.cert
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certmap
>
> ipalib.plugable: DEBUG: importing plugin module
> ipaclient.plugins.certprofile
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.csrgen
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.dns
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbacrule
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.hbactest
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.host
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.idrange
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.internal
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.location
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.migration
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.misc
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.otptoken
>
> ipalib.plugable: DEBUG: importing plugin module
> ipaclient.plugins.otptoken_yubikey
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.passwd
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.permission
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.rpcclient
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.server
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.service
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.sudorule
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.topology
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.trust
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.user
>
> ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.vault
>
> ipalib.rpc: INFO: trying https://ipa5.fixedandmobile.com/ipa/session/json
>
> ipalib.rpc: DEBUG: New HTTP connection (ipa5.fixedandmobile.com)
>
> ipalib.backend: DEBUG: Created connection context.rpcclient_139889190138192
>
> ipalib.install.kinit: DEBUG: Initializing principal host/
> ipa5.fixedandmobile....@fixedandmobile.com using keytab /etc/krb5.keytab
>
> ipalib.install.kinit: DEBUG: using ccache /tmp/tmp-Rln5Jh/ccache
>
> ipapython.admintool: DEBUG:   File
> "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in
> execute
>
>     return_value = self.run()
>
>   File
> "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py",
> line 62, in run
>
>     run_with_args(api)
>
>   File
> "/usr/lib/python2.7/site-packages/ipaclient/install/ipa_certupdate.py",
> line 83, in run_with_args
>
>     kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_name)
>
>   File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py", line 47,
> in kinit_keytab
>
>     cred = gssapi.Credentials(name=name, store=store, usage='initiate')
>
>   File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 64, in
> __new__
>
>     store=store)
>
>   File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 148, in
> acquire
>
>     usage)
>
>   File "ext_cred_store.pyx", line 182, in
> gssapi.raw.ext_cred_store.acquire_cred_from
> (gssapi/raw/ext_cred_store.c:1732)
>
>
> ipapython.admintool: DEBUG: The ipa-certupdate command failed, exception:
> GSSError: Major (851968): Unspecified GSS failure.  Minor code may provide
> more information, Minor (2529639107): No credentials cache found
>
> ipapython.admintool: ERROR: Major (851968): Unspecified GSS failure.  Minor
> code may provide more information, Minor (2529639107): No credentials cache
> found
>
> ipapython.admintool: ERROR: The ipa-certupdate command failed.
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Did you kinit first?  This probably should have a better UI than dying
in exception...

Thanks,
--Robbie
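
The order of operations that the error message and the reply point to, written as a pre-flight wrapper; this is an added example, not part of the original thread or of FreeIPA. The `KLIST` and `DRY_RUN` variables are hypothetical hooks for rehearsing the sequence, and the two file arguments are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). KLIST and DRY_RUN are hypothetical
# hooks for rehearsing the sequence; file arguments are placeholders.

# True only when the credentials cache holds a valid, unexpired ticket.
# `klist -s` prints nothing and reports through its exit status.
have_ticket() {
    "${KLIST:-klist}" -s 2>/dev/null
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Usage: install_server_cert ISSUER_CA.pem SERVER.p12
# Returns 3 for an unreadable input file, 2 when no ticket is available.
install_server_cert() {
    ca_pem=$1
    p12=$2
    for f in "$ca_pem" "$p12"; do
        if [ ! -r "$f" ]; then
            echo "cannot read $f" >&2
            return 3
        fi
    done
    if ! have_ticket; then
        echo "no valid Kerberos ticket in the credentials cache; run kinit first" >&2
        return 2
    fi
    # 1. Register the issuing CA certificate with IPA.
    run ipa-cacert-manage install "$ca_pem" || return
    # 2. Update this host's certificate databases from the server.
    run ipa-certupdate || return
    # 3. Install the server certificate, as attempted in the thread.
    run ipa-server-certinstall -w -d "$p12"
}
```

Setting `DRY_RUN=1` before calling `install_server_cert` prints the three commands without touching the server.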
