freeipa team mailing list archive

Thread
Date

[Bug 1785157] [NEW] external (letsencrypt) certs failing to parse due to pyasn1

To: freeipa@xxxxxxxxxxxxxxxxxxx
From: William <1785157@xxxxxxxxxxxxxxxxxx>
Date: Fri, 03 Aug 2018 02:27:03 -0000
Reply-to: Bug 1785157 <1785157@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

attempting a clean installation of freeipa-server on bionic using
letsencrypt certs passed as arguments fails with an error similar to:

<TagSet object at 0x7fcdaff30090 tags 0:32:16> not in asn1Spec: <OctetString schema object at 0x7fcdaff30c50 tagSet <TagSet object at 0x7fcdbda4b7d0 tags 0:0:4> encoding iso-8859-1>
The ipa-server-certinstall command failed

I was able to bypass this by downgrading pyasn1 and pyasn1-modules:

rm -rf /usr/lib/python2.7/dist-packages/pyasn1
rm -rf /usr/lib/python2.7/dist-packages/pyasn1-0.4.2.egg-info/
rm -rf /usr/lib/python2.7/dist-packages/pyasn1_modules
rm -rf /usr/lib/python2.7/dist-packages/pyasn1_modules-0.2.1.egg-info
apt install python-pip
pip install pyasn1==0.2.3
pip install pyasn1-modules==0.0.9

After that, installation is able to proceed with letsencrypt
certificates passed in.

** Affects: freeipa (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of FreeIPA,
which is subscribed to freeipa in Ubuntu.
https://bugs.launchpad.net/bugs/1785157

Title:
  external (letsencrypt) certs failing to parse due to pyasn1

Status in freeipa package in Ubuntu:
  New

Bug description:
  attempting a clean installation of freeipa-server on bionic using
  letsencrypt certs passed as arguments fails with an error similar to:

  <TagSet object at 0x7fcdaff30090 tags 0:32:16> not in asn1Spec: <OctetString schema object at 0x7fcdaff30c50 tagSet <TagSet object at 0x7fcdbda4b7d0 tags 0:0:4> encoding iso-8859-1>
  The ipa-server-certinstall command failed

  I was able to bypass this by downgrading pyasn1 and pyasn1-modules:

  rm -rf /usr/lib/python2.7/dist-packages/pyasn1
  rm -rf /usr/lib/python2.7/dist-packages/pyasn1-0.4.2.egg-info/
  rm -rf /usr/lib/python2.7/dist-packages/pyasn1_modules
  rm -rf /usr/lib/python2.7/dist-packages/pyasn1_modules-0.2.1.egg-info
  apt install python-pip
  pip install pyasn1==0.2.3
  pip install pyasn1-modules==0.0.9

  After that, installation is able to proceed with letsencrypt
  certificates passed in.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1785157/+subscriptions

Follow ups

[Bug 1785157] Re: external (letsencrypt) certs failing to parse due to pyasn1
From: Shawn Weeks, 2020-03-04
[Bug 1785157] [NEW] external (letsencrypt) certs failing to parse due to pyasn1
From: Launchpad Bug Tracker, 2018-08-03
[Bug 1785157] Re: external (letsencrypt) certs failing to parse due to pyasn1
From: Timo Aaltonen, 2018-08-03