PKI 11.5.0 requires the ACME service to be removed separately from the CA service.
To do so execute:
pki-server acme-remove
This will further change with 11.6.0 where pkispawn will handle the removal of ACME via
pkidestroy -s ACME --remove-conf --remove-logs
Therefore it is probably wise to implement this in DogtagInstance.uninstall. A special case will be required for ACME for 11.5.0 but for 11.6.0 we may be able to treat it as just another subsystem. This might involve creating a separate file acmeinstance.py with only an uninstall routine. That might be the clearest way. We can alternatively just bolt on calls to uninstall directly using "ACME" as the subsystem. It might be less elegant but could benefit from being clearer as ACME is still, at least for now, automatically deployed.
Metadata Update from @rcritten: - Issue assigned to rcritten
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://issues.redhat.com/browse/FREEIPA-11604
To uninstall correctly with PKI 11.6.0 we need to: - rebase to 4.12.2 in order to pick up clean patch 8293b74 - remove the file paths.ADMIN_CERT_PATH) - remove the file paths.KRACERT.P12 - add --remove-conf --remove-logs to all pkidestroy calls - uninstall the ACME service prior to the CA
https://github.com/freeipa/freeipa/pull/7549
I believe Fedora Infrastructure is being bitten by this issue: https://pagure.io/fedora-infrastructure/issue/12149
master:
ipa-4-12:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-61636, https://issues.redhat.com/browse/RHEL-61642 (was: https://issues.redhat.com/browse/FREEIPA-11604)
Log in to comment on this ticket.