Hello. Trying to enroll Ubuntu 24.04 to domain, but it says "certificate verify failed: Hostname mismatch, certificate is not valid for 'ipa2.dom.loc'. (_ssl.c :1000)" But when I trying ipa web adress via browser it's seems fine. It's selfsigned like always, but date and name are fine. And just recently I have successfully added another one host How can I fix it? Maybe I can disable certificate checking somehow, just for start?
sudo ipa-client-install --hostname dit-ntb-spc39-1797875.dom.loc --server=ipa2.dom.loc --enable-dns-updates --domain dom.loc --mkhomedir -p admin -w Password --force-join This program will set up IPA client. Version 4.11.1 WARNING: conflicting time&date synchronization service 'ntp' will be disabled in favor of chronyd Using existing certificate '/etc/ipa/ca.crt'. Autodiscovery of servers for failover cannot work with this configuration. If you proceed with the installation, services will be configured to always access the discovered server for all operations and will not fail over to other servers in case of failure. Proceed with fixed values and no DNS discovery? [no]: y Do you want to configure chrony with NTP server or pool address? [no]: Client hostname: dit-ntb-spc39-1797875.dom.loc Realm: dom.loc DNS Domain: dom.loc IPA Server: ipa2.dom.loc BaseDN: dc=l3874,dc=ru Continue to configure the system with these values? [no]: y Removed old keys for realm dom.loc from /etc/krb5.keytab Synchronizing time Configuration of chrony was changed by installer. Attempting to sync time with chronyc. Time synchronization was successful. Enrolled in IPA realm dom.loc Created /etc/ipa/default.conf Domain dom.loc is already configured in existing SSSD config, creating a new one. The old /etc/sssd/sssd.conf is backed up and will be restored during uninstall. Configured /etc/sssd/sssd.conf Connection to https://ipa2.dom.loc/ipa/json failed with [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'ipa2.dom.loc'. (_ssl.c :1000) Connection to https://ipa.dom.loc/ipa/json failed with [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Hostname mismatch, certificate is not valid for 'ipa.dom.loc'. (_ssl.c:1000) cannot connect to 'любой из настроенных серверов': https://ipa2.dom.loc/ipa/json, https://ipa.dom.loc/ipa/json The ipa-client-install command failed. See /var/log/ipaclient-install.log for more information -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
