wir haben Seit gestern SSL Errors mit unseren LetsEncrypt erstellen Zertifikaten in OPSI.
der opsiconfd --health-check bringt folgendes:
Code: Alles auswählen
● SSL: ERROR
➔ Some SSL issues where found.
WARNING - The opsi CA certificate is OK but will expire in 89 days.
ERROR - The opsi CA is an intermediate CA and a problem has been found: Opsi CA is an intermediate CA, issuer is '/C=US/O=Let', unable to get local issuer certificate.
Make sure issuer certficate is in '/usr/lib/opsiconfd/certifi/cacert.pem' or specify a certificate database containing the issuer certificate via --ssl-trusted-certs.
OK - The opsi CA key is OK.
OK - The server certificate is OK and will expire in 89 days.
ERROR - Failed to verify server cert with opsi CA.
Code: Alles auswählen
skip-setup = [ssl, opsi_ca]
ssl-ca-subject-cn = opsi.domain.com
ssl-ciphers = TLSv1.2, TLSv1.3
ssl-ca-cert = /etc/opsi/ssl/letsencrypt/fullchain.pem
ssl-ca-key = /etc/opsi/ssl/letsencrypt/privkey.pem
ssl-server-cert = /etc/opsi/ssl/letsencrypt/fullchain.pem
ssl-server-key = /etc/opsi/ssl/letsencrypt/privkey.pem
Code: Alles auswählen
[3] [2024-02-06 11:19:08.048] [ ] Failed to get interface description: Opsi service connection error: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/opsi/ssl/opsi-ca-cert.pem (opsiservice.py:807)
Traceback (most recent call last):
File "opsicommon/client/opsiservice.py", line 886, in _request
File "requests/sessions.py", line 589, in request
File "requests/sessions.py", line 703, in send
File "requests/adapters.py", line 458, in send
File "requests/adapters.py", line 261, in cert_verify
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/opsi/ssl/opsi-ca-cert.pem
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "opsicommon/client/opsiservice.py", line 805, in connect
File "opsicommon/client/opsiservice.py", line 1178, in jsonrpc
File "opsicommon/client/opsiservice.py", line 1094, in post
File "opsicommon/client/opsiservice.py", line 989, in request
File "opsicommon/client/opsiservice.py", line 931, in _request
opsicommon.exceptions.OpsiServiceConnectionError: Opsi service connection error: Could not find a suitable TLS CA certificate bundle, invalid path: /etc/opsi/ssl/opsi-ca-cert.pem
[3] [2024-02-06 11:19:08.051] [ ] 'ServiceClient' object has no attribute 'host_getObjects' (opsipackageupdater.py:454)
Traceback (most recent call last):
File "opsiutils/opsipackageupdater.py", line 450, in main
File "opsiutils/opsipackageupdater.py", line 418, in updater_main
File "opsiutils/update_packages/Updater.py", line 115, in __init__
AttributeError: 'ServiceClient' object has no attribute 'host_getObjects'
ERROR: 'ServiceClient' object has no attribute 'host_getObjects'