Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem installing ssl to freeipa #38

Open
Sk1v opened this issue Jul 8, 2021 · 8 comments
Open

Problem installing ssl to freeipa #38

Sk1v opened this issue Jul 8, 2021 · 8 comments

Comments

@Sk1v
Copy link

Sk1v commented Jul 8, 2021
edited
Loading

Hello everyone. After installation ipa-server-install and snapd, I run setup-le.sh and getting this error. Please tell me what to do with it.

Brief information about the system:
Red Hat Enterprise Linux 8
RAM 4GB
2 core CPU

./setup-le.sh 
Failed to set locale, defaulting to C.UTF-8
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.

Last metadata expiration check: 0:04:15 ago on Thu Jul  8 06:56:57 2021.
Dependencies resolved.
===========================================================================================================================================================================================================
 Package                                                       Architecture                               Version                                           Repository                                Size
===========================================================================================================================================================================================================
Installing:
 certbot                                                       noarch                                     1.14.0-1.el8                                      epel                                      51 k
Installing dependencies:
 python3-acme                                                  noarch                                     1.14.0-1.el8                                      epel                                      88 k
 python3-certbot                                               noarch                                     1.14.0-1.el8                                      epel                                     391 k
 python3-configargparse                                        noarch                                     0.14.0-6.el8                                      epel                                      36 k
 python3-josepy                                                noarch                                     1.8.0-1.el8                                       epel                                     102 k
 python3-parsedatetime                                         noarch                                     2.5-1.el8                                         epel                                      79 k
 python3-pyrfc3339                                             noarch                                     1.1-1.el8                                         epel                                      19 k
 python3-requests-toolbelt                                     noarch                                     0.9.1-4.el8                                       epel                                      91 k
 python3-zope-component                                        noarch                                     4.3.0-8.el8                                       epel                                     313 k
 python3-zope-event                                            noarch                                     4.2.0-12.el8                                      epel                                     210 k
 python3-zope-interface                                        x86_64                                     4.6.0-1.el8                                       epel                                     158 k
Installing weak dependencies:
 python-josepy-doc                                             noarch                                     1.8.0-1.el8                                       epel                                      22 k

Transaction Summary
===========================================================================================================================================================================================================
Install  12 Packages

Total download size: 1.5 M
Installed size: 5.8 M
Downloading Packages:
(1/12): python-josepy-doc-1.8.0-1.el8.noarch.rpm                                                                                                                           611 kB/s |  22 kB     00:00    
(2/12): python3-acme-1.14.0-1.el8.noarch.rpm                                                                                                                               2.2 MB/s |  88 kB     00:00    
(3/12): certbot-1.14.0-1.el8.noarch.rpm                                                                                                                                    1.2 MB/s |  51 kB     00:00    
(4/12): python3-configargparse-0.14.0-6.el8.noarch.rpm                                                                                                                     5.3 MB/s |  36 kB     00:00    
(5/12): python3-josepy-1.8.0-1.el8.noarch.rpm                                                                                                                               13 MB/s | 102 kB     00:00    
(6/12): python3-certbot-1.14.0-1.el8.noarch.rpm                                                                                                                             23 MB/s | 391 kB     00:00    
(7/12): python3-parsedatetime-2.5-1.el8.noarch.rpm                                                                                                                         9.4 MB/s |  79 kB     00:00    
(8/12): python3-pyrfc3339-1.1-1.el8.noarch.rpm                                                                                                                             2.9 MB/s |  19 kB     00:00    
(9/12): python3-zope-event-4.2.0-12.el8.noarch.rpm                                                                                                                          19 MB/s | 210 kB     00:00    
(10/12): python3-requests-toolbelt-0.9.1-4.el8.noarch.rpm                                                                                                                  5.2 MB/s |  91 kB     00:00    
(11/12): python3-zope-interface-4.6.0-1.el8.x86_64.rpm                                                                                                                      16 MB/s | 158 kB     00:00    
(12/12): python3-zope-component-4.3.0-8.el8.noarch.rpm                                                                                                                     7.1 MB/s | 313 kB     00:00    
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                       11 MB/s | 1.5 MB     00:00     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                   1/1 
  Installing       : python3-zope-event-4.2.0-12.el8.noarch                                                                                                                                           1/12 
  Installing       : python3-zope-interface-4.6.0-1.el8.x86_64                                                                                                                                        2/12 
  Installing       : python3-pyrfc3339-1.1-1.el8.noarch                                                                                                                                               3/12 
  Installing       : python3-zope-component-4.3.0-8.el8.noarch                                                                                                                                        4/12 
  Installing       : python3-requests-toolbelt-0.9.1-4.el8.noarch                                                                                                                                     5/12 
  Installing       : python3-parsedatetime-2.5-1.el8.noarch                                                                                                                                           6/12 
  Installing       : python3-configargparse-0.14.0-6.el8.noarch                                                                                                                                       7/12 
  Installing       : python-josepy-doc-1.8.0-1.el8.noarch                                                                                                                                             8/12 
  Installing       : python3-josepy-1.8.0-1.el8.noarch                                                                                                                                                9/12 
  Installing       : python3-acme-1.14.0-1.el8.noarch                                                                                                                                                10/12 
  Installing       : python3-certbot-1.14.0-1.el8.noarch                                                                                                                                             11/12 
  Installing       : certbot-1.14.0-1.el8.noarch                                                                                                                                                     12/12 
  Running scriptlet: certbot-1.14.0-1.el8.noarch                                                                                                                                                     12/12 
  Verifying        : certbot-1.14.0-1.el8.noarch                                                                                                                                                      1/12 
  Verifying        : python-josepy-doc-1.8.0-1.el8.noarch                                                                                                                                             2/12 
  Verifying        : python3-acme-1.14.0-1.el8.noarch                                                                                                                                                 3/12 
  Verifying        : python3-certbot-1.14.0-1.el8.noarch                                                                                                                                              4/12 
  Verifying        : python3-configargparse-0.14.0-6.el8.noarch                                                                                                                                       5/12 
  Verifying        : python3-josepy-1.8.0-1.el8.noarch                                                                                                                                                6/12 
  Verifying        : python3-parsedatetime-2.5-1.el8.noarch                                                                                                                                           7/12 
  Verifying        : python3-pyrfc3339-1.1-1.el8.noarch                                                                                                                                               8/12 
  Verifying        : python3-requests-toolbelt-0.9.1-4.el8.noarch                                                                                                                                     9/12 
  Verifying        : python3-zope-component-4.3.0-8.el8.noarch                                                                                                                                       10/12 
  Verifying        : python3-zope-event-4.2.0-12.el8.noarch                                                                                                                                          11/12 
  Verifying        : python3-zope-interface-4.6.0-1.el8.x86_64                                                                                                                                       12/12 
Installed products updated.

Installed:
  certbot-1.14.0-1.el8.noarch                          python-josepy-doc-1.8.0-1.el8.noarch              python3-acme-1.14.0-1.el8.noarch               python3-certbot-1.14.0-1.el8.noarch              
  python3-configargparse-0.14.0-6.el8.noarch           python3-josepy-1.8.0-1.el8.noarch                 python3-parsedatetime-2.5-1.el8.noarch         python3-pyrfc3339-1.1-1.el8.noarch               
  python3-requests-toolbelt-0.9.1-4.el8.noarch         python3-zope-component-4.3.0-8.el8.noarch         python3-zope-event-4.2.0-12.el8.noarch         python3-zope-interface-4.6.0-1.el8.x86_64        

Complete!
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1939  100  1939    0     0  11680      0 --:--:-- --:--:-- --:--:-- 11751
Installing CA certificate, please wait
Verified CN=ISRG Root X1,O=Internet Security Research Group,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   790  100   790    0     0  12343      0 --:--:-- --:--:-- --:--:-- 12343
Installing CA certificate, please wait
Verified CN=ISRG Root X2,O=Internet Security Research Group,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1826  100  1826    0     0  22825      0 --:--:-- --:--:-- --:--:-- 22825
Installing CA certificate, please wait
Verified CN=R3,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1021  100  1021    0     0  12451      0 --:--:-- --:--:-- --:--:-- 12451
Installing CA certificate, please wait
Verified CN=E1,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1826  100  1826    0     0  67629      0 --:--:-- --:--:-- --:--:-- 67629
Installing CA certificate, please wait
Verified CN=R4,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1021  100  1021    0     0  72928      0 --:--:-- --:--:-- --:--:-- 72928
Installing CA certificate, please wait
Verified CN=E2,O=Let's Encrypt,C=US
CA certificate successfully installed
The ipa-cacert-manage command was successful
Systemwide CA database updated.
Systemwide CA database updated.
The ipa-certupdate command was successful
Enter pass phrase for /var/lib/ipa/private/httpd.key:
unable to load Private Key
139901708355392:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:616:
139901708355392:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:63:
139901708355392:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto/pkcs12/p12_decr.c:94:
139901708355392:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:
@rcritten
Copy link

rcritten commented Jul 8, 2021

Try it with this change: #34

@Sk1v
Copy link
Author

Sk1v commented Jul 9, 2021

Try it with this change: #34

This happens exactly when I started installation (setup-le.sh).

I added this to description

@rcritten
Copy link

rcritten commented Jul 9, 2021

What happens when you started installation? The failure to set locale?

That is unrelated. The problem is the private key can't be decrypted.

@Sk1v
Copy link
Author

Sk1v commented Jul 9, 2021

What happens when you started installation? The failure to set locale?

That is unrelated. The problem is the private key can't be decrypted.

When I run the script to install ssl (setup-le.sh), then I get an error that is written at the end of the log that I described

Enter pass phrase for /var/lib/ipa/private/httpd.key:
unable to load Private Key
139901708355392:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:616:
139901708355392:error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:63:
139901708355392:error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error:crypto/pkcs12/p12_decr.c:94:
139901708355392:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88:

@rcritten
Copy link

rcritten commented Jul 9, 2021

Right, try it with the patch I pointed to.

@strongy
Copy link

strongy commented Jul 10, 2021

Try it with this change: #34

this worked for me thanks

@Sk1v
Copy link
Author

Sk1v commented Jul 12, 2021

Right, try it with the patch I pointed to.

Unfortunately didn't work for me

@rcritten
Copy link

Can you please be more specific? What didn't work? Did the behavoir change?

@rcritten rcritten reopened this Jul 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@strongy @rcritten @Sk1v