[Freeipa-users] Let's Encrypt SSL pkscs 12 problem notes anyone. CENTOS 7 FreeIPA install

Thu Apr 21 14:56:30 UTC 2016

On 04/21/2016 11:22 AM, Branko Quenode wrote:
> Hi ,
> 
> I am trying to install freeipa with centos and Let's Encrypt SSL.
> 
> I create lets-encrypt with webroot option.
> 
> Then i did
> 
> cat privkey.pem fullchain.pem > /root/key.pem
> 
> openssl pkcs12 -export -in /root/key.pem  -out ipa.pkcs12 -name 
> "ipa.somedomain.com <http://ipa.somedomain.com>"
> 
> 
> ipa-server-install --ip-address=<IP> 
>   --http_pkcs12=/etc/letsencrypt/live/ipa.somedomein.com/ipa.pkcs12 
> <http://ipa.somedomein.com/ipa.pkcs12> 
> --dirsrv_pkcs12=/etc/letsencrypt/live/ipa.somedomain.com/ipa.pkcs12 
> <http://ipa.somedomain.com/ipa.pkcs12> 
> --root-ca-file=/etc/letsencrypt/live/ipa.somedomain.com/fullchain.pem 
> <http://ipa.somedomain.com/fullchain.pem>
> 
> I got error
> ipa.ipapython.install.cli.install_tool(Server): ERROR    The full certificate 
> chain is not present in /etc/letsencrypt/live/ipa.somedomain.com/ipa.pkcs12 
> <http://ipa.somedomain.com/ipa.pkcs12>
> 
> 
> What I am missing intermediate.crt maybe ?

Probably. Sounds like

https://www.redhat.com/archives/freeipa-users/2016-April/msg00161.html

Martin