<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class=""><div bgcolor="#FFFFFF" text="#000000" class=""><blockquote cite="mid:CAGa_nR3JkOmpU3Qw9-r5BTHLwYQwBSmjWQ_rjG31afe4U2Puzw@mail.gmail.com" type="cite" class=""><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0
                  .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000" class=""><tt class="">you seem to have an issue when the
                      LetsEncryptAuthorityX3 is being installed. The
                      certificate from the CA that issued this
                      certificate (DSTRootCAX3) seems to be installed
                      correctly. Could you verify that DSTRootCAX3 is
                      marked as trusted CA by issuing:</tt><tt class=""><br class="">
                    </tt> <tt class=""><br class="">
                    </tt><tt class=""> certutil -d /etc/httpd/alias/ -L</tt><tt class=""><br class="">
                    </tt> <tt class=""><br class="">
                    </tt><tt class=""> The DSTRoootCAX3 should have C,, trust
                      flags.</tt><tt class=""><br class="">
                    </tt> <tt class=""><br class="">
                    </tt><tt class=""> There was an issue fixed last week that
                      might caused this issue if you've ever tried to
                      install letsencrypt on this particular VM before:
                    </tt><tt class=""><a moz-do-not-send="true" class="m_-7715533103486156359m_3115846549128372002moz-txt-link-freetext" href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_freeipa_freeipa-2Dletsencrypt_issues_1-23issuecomment-2D263546822&d=DgMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=R15wl7ZDV75_uTtU5lcgwToXZGnLc8w9icxEFK4tCw0&s=XMk-cW2MvWhcz18AYBu5IACJEq8Ouhj6EyX60BgxKFs&e=" target="_blank">https://github.com/freeipa/fre<wbr class="">eipa-letsencrypt/issues/1#issu<wbr class="">ecomment-263546822</a></tt><tt class="">
                      If that's the case, you will need to re-install
                      IPA before the letsencrypt solution will work.</tt><tt class=""><br class=""></tt></div></blockquote></div></div></blockquote></div></div></blockquote></div></div></blockquote><br class=""></div><div>I tried to uninstall FreeIPA and Letsencrypt for FreeIPA but I’m getting this:</div><div><br class=""></div><div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">ipa-server-install -U --uninstall</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">ipa.ipapython.install.cli.uninstall_tool(Server): ERROR    Server removal aborted: Deleting this server is not allowed as it would leave your installation without a CA..</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">ipa.ipapython.install.cli.uninstall_tool(Server): ERROR    The ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for more information</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">[root@trill ~]# tail /var/log/ipaserver-uninstall.log</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 270, in decorated</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">    func(installer)</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 1047, in uninstall_check</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">    remove_master_from_managed_topology(api, options)</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">  File "/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py", line 310, in remove_master_from_managed_topology</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">    raise ScriptError(str(e))</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo; min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">2016-12-05T17:53:05Z DEBUG The ipa-server-install command failed, exception: ScriptError: Server removal aborted: Deleting this server is not allowed as it would leave your installation without a CA..</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">2016-12-05T17:53:05Z ERROR Server removal aborted: Deleting this server is not allowed as it would leave your installation without a CA..</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">2016-12-05T17:53:05Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-uninstall.log for more information</span></div><div style="margin: 0px; font-size: 11px; line-height: normal; font-family: Menlo;" class=""><br class=""></div><div style="margin: 0px; font-size: 11px; line-height: normal;" class="">Is there a better command?</div></div><br class=""></body></html>