On 04/21/2016 11:22 AM, Branko Quenode wrote: > Hi , > > I am trying to install freeipa with centos and Let's Encrypt SSL. > > I create lets-encrypt with webroot option. > > Then i did > > cat privkey.pem fullchain.pem > /root/key.pem > > openssl pkcs12 -export -in /root/key.pem -out ipa.pkcs12 -name > "ipa.somedomain.com <http://ipa.somedomain.com>" > > > ipa-server-install --ip-address=<IP> > --http_pkcs12=/etc/letsencrypt/live/ipa.somedomein.com/ipa.pkcs12 > <http://ipa.somedomein.com/ipa.pkcs12> > --dirsrv_pkcs12=/etc/letsencrypt/live/ipa.somedomain.com/ipa.pkcs12 > <http://ipa.somedomain.com/ipa.pkcs12> > --root-ca-file=/etc/letsencrypt/live/ipa.somedomain.com/fullchain.pem > <http://ipa.somedomain.com/fullchain.pem> > > I got error > ipa.ipapython.install.cli.install_tool(Server): ERROR The full certificate > chain is not present in /etc/letsencrypt/live/ipa.somedomain.com/ipa.pkcs12 > <http://ipa.somedomain.com/ipa.pkcs12> > > > What I am missing intermediate.crt maybe ?
Probably. Sounds like https://www.redhat.com/archives/freeipa-users/2016-April/msg00161.html Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project