Bug #15507
closedKatello 3.0.1 installation fails - Crane: Failed to configure CA certificate chain!
Description
Hi
I am trying to install Katello. I am using my own certificates, so I do like this:
sudo foreman-installer --scenario katello \
--certs-server-cert="/etc/pki/tls/certs/katello.local.crt" \
--certs-server-cert-req="/etc/pki/tls/csr/katello.local.csr" \
--certs-server-key="/etc/pki/tls/private/katello.local.key" \
--certs-server-ca-cert="/etc/pki/tls/certs/CompanyInternalCA.crt"
...
Bu installation fails with:
[ERROR 2016-06-23 13:13:36 verbose] /Stage[main]/Apache::Service/Service[httpd]/ensure: change from stopped to running failed: Could not start Service[httpd]: Execution of '/usr/share/katello-installer-base/modules/service_wait/bin/service-wait start httpd' returned 1: Redirecting to /bin/systemctl start httpd.service
sudo cat /var/log/httpd/error_log
[Thu Jun 23 13:15:54.289451 2016] [ssl:emerg] [pid 10568] AH02311: Fatal error initialising mod_ssl, exiting. See /var/log/httpd/crane_error_ssl.log for more informationsudo cat /var/log/httpd/crane_error_ssl.log
[Thu Jun 23 13:13:36.150962 2016] [ssl:emerg] [pid 10139] AH01903: Failed to configure CA certificate chain!
[Thu Jun 23 13:15:54.289440 2016] [ssl:emerg] [pid 10568] AH01903: Failed to configure CA certificate chain!
@sudo cat /etc/httpd/conf.d/03-crane.conf
- ****************************
- Vhost template in module puppetlabs-apache
- Managed by Puppet
- ****************************
<VirtualHost *:5000>
ServerName katello.local
- Vhost docroot
DocumentRoot "/usr/share/crane/"
- Directories, there should at least be a declaration for /usr/share/crane/
<Directory "/usr/share/crane/">
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
- Logging
ErrorLog "/var/log/httpd/crane_error_ssl.log"
ServerSignature Off
CustomLog "/var/log/httpd/crane_access_ssl.log" combined
- SSL directives
SSLEngine on
SSLCertificateFile "/etc/pki/katello/certs/katello-apache.crt"
SSLCertificateKeyFile "/etc/pki/katello/private/katello-apache.key"
SSLCertificateChainFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLCACertificatePath "/etc/pki/tls/certs"
SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
SSLVerifyClient optional
SSLVerifyDepth 3
SSLOptions +StdEnvVars +ExportCertData +FakeBasicAuth
- SSL Proxy directives
SSLProxyEngine On
WSGIScriptAlias / "/usr/share/crane/crane.wsgi"
</VirtualHost>@
I checked with katello-certs-check tool and my certs are ok.
Updated by Edgars Mazurs almost 9 years ago
This looks like the same issue as http://projects.theforeman.org/issues/12265
Updated by Eric Helms almost 9 years ago
- Assignee set to Eric Helms
- Translation missing: en.field_release set to 171
Updated by Justin Sherrill over 8 years ago
- Has duplicate Bug #12265: Installing custom SSL using katello-installer causes system to become unusable added
Updated by Edgars Mazurs over 8 years ago
I was able to fix it by regenerating SSL certs. Not sure what was the issue with them.
Updated by Justin Sherrill almost 8 years ago
- Translation missing: en.field_release deleted (
171)
Updated by Eric Helms almost 8 years ago
- Status changed from New to Resolved
- Translation missing: en.field_release set to 166