daryltucker · February 26, 2021 21:43
diff --git a/LetsEncrypt_FreeIPA_Certificate_Chaining.sh b/LetsEncrypt_FreeIPA_Certificate_Chaining.sh
 # Add LetsEncrypt chains to FreeIPA for transition to proper CA (Feb 2021)
 #  > The full certificate chain is not present in /etc/letsencrypt/live/${DOMAIN}/privkey.pem ...
 #  > The ipa-server-certinstall command failed.


 # Grab Certificates from FreeIPA ( https://letsencrypt.org/certificates/ )
 cd /tmp/
 wget https://letsencrypt.org/certs/isrgrootx1.pem
 wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem
 wget https://letsencrypt.org/certs/trustid-x3-root.pem
 wget https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem
 wget https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem
 wget https://letsencrypt.org/certs/lets-encrypt-r3.pem


 # Add Certificates to FreeIPA CA
 ipa-cacert-manage install isrgrootx1.pem -n ISRGRootCAX1 -t C,,
 ipa-cacert-manage install letsencryptauthorityx3.pem -n ISRGRootCAX3 -t C,,
 ipa-cacert-manage install trustid-x3-root.pem -n TrustIDCAX3 -t C,,
 ipa-cacert-manage install lets-encrypt-r3-cross-signed.pem -n LetsEncryptCAR3-cross -t C,,
 ipa-cacert-manage install isrg-root-x1-cross-signed.pem -n ISRGRootCAX1-cross -t C,,
 ipa-cacert-manage install lets-encrypt-r3.pem -n LetsEncryptCAR3 -t C,,
 ipa-certupdate -v

 # Add new domain LetsEncrypt Certificate
 DOMAIN=sub.domain.tld
 DIRMAN_PASSWORD=
 KEY_PASSWORD=
 ipa-server-certinstall -w -d /etc/letsencrypt/live/${DOMAIN}/fullchain.pem /etc/letsencrypt/live/${DOMAIN}/privkey.pem --dirman-password="${DIRMAN_PASSWORD}" --pin="${KEY_PASSWORD}"

 ipactl restart
	# Add LetsEncrypt chains to FreeIPA for transition to proper CA (Feb 2021)
	# > The full certificate chain is not present in /etc/letsencrypt/live/${DOMAIN}/privkey.pem ...
	# > The ipa-server-certinstall command failed.


	# Grab Certificates from FreeIPA ( https://letsencrypt.org/certificates/ )
	cd /tmp/
	wget https://letsencrypt.org/certs/isrgrootx1.pem
	wget https://letsencrypt.org/certs/letsencryptauthorityx3.pem
	wget https://letsencrypt.org/certs/trustid-x3-root.pem
	wget https://letsencrypt.org/certs/lets-encrypt-r3-cross-signed.pem
	wget https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem
	wget https://letsencrypt.org/certs/lets-encrypt-r3.pem


	# Add Certificates to FreeIPA CA
	ipa-cacert-manage install isrgrootx1.pem -n ISRGRootCAX1 -t C,,
	ipa-cacert-manage install letsencryptauthorityx3.pem -n ISRGRootCAX3 -t C,,
	ipa-cacert-manage install trustid-x3-root.pem -n TrustIDCAX3 -t C,,
	ipa-cacert-manage install lets-encrypt-r3-cross-signed.pem -n LetsEncryptCAR3-cross -t C,,
	ipa-cacert-manage install isrg-root-x1-cross-signed.pem -n ISRGRootCAX1-cross -t C,,
	ipa-cacert-manage install lets-encrypt-r3.pem -n LetsEncryptCAR3 -t C,,
	ipa-certupdate -v

	# Add new domain LetsEncrypt Certificate
	DOMAIN=sub.domain.tld
	DIRMAN_PASSWORD=
	KEY_PASSWORD=
	ipa-server-certinstall -w -d /etc/letsencrypt/live/${DOMAIN}/fullchain.pem /etc/letsencrypt/live/${DOMAIN}/privkey.pem --dirman-password="${DIRMAN_PASSWORD}" --pin="${KEY_PASSWORD}"

	ipactl restart