Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 8): Bug 1934991
Description of problem:
When RHEL8.3 server migrated to RHEL8.4, ACME fails to generate the cert and throws a traceback in acme debug log.

Version-Release number of selected component (if applicable):
ipa-server 4.9.2 1.module+el8.4.0+9973+3d202164
pki-ca 10.10.5 1.module+el8.4.0+10167+ab954dab

How reproducible:
always

Steps to Reproduce:
1. Install RHEL8.3 master
2. Install replica on RHEL8.4 machine and migrate (make it ca renewal master and enable crl generation role on it). Remove master safely. take inspiration from https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/installing_identity_management/index#migrating
3. install client against rhel8.4 replica (migrated master)
4. enable the acme role on rhel8.4 replica
   $ ipa-acme-manage enable
5. install httpd and mod_md on client
6. set selinux boolean on client
   $ setsebool -P httpd_can_network_connect 1
7. request acme cert using mod_md on client
   [root@client ~]# cat >/etc/httpd/conf.d/acme.conf <<EOF
   LogLevel warn md:notice
   MDCertificateAuthority https://ipa-ca.testrelm.test/acme/directory
   MDCertificateAgreement accepted
   MDomain client.testrelm.test
   <VirtualHost *:443>
       ServerName client.testrelm.test
       SSLEngine on
       # no certificates specification
   </VirtualHost>
   EOF
   [root@client ~]# systemctl restart httpd
   [root@client ~]# systemctl reload httpd
8. Try accessing client from master
   $ curl -v https://<client-hostname>

Actual results:
ACME certificate not issued. traceback in debug log (attached to bug)
"Unable to get enrollment template for acmeIPAServerCert: Profile not found"

Expected results:
No traceback and ACME cert issued

Additional info:
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1934991
Metadata Update from @rcritten: - Issue assigned to rcritten
https://github.com/freeipa/freeipa/pull/5605
master:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)