Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-9165

Certbot 1.4.0-1.6.0 fails to enroll over RA peer

    Details

      Description

      Testing ACME enrollment over external RA peer connection fails with Certbot 1.4.0 with the error:

      failed to parse fullchain into cert and chain: less than 2 certificates in chain
      

      When enrolling directly against the CA with certbot 1.4.0 that is successful.

      Certbot 1.3.0 works against RA or CA though.

      The only thing I can see from logging with certbot 1.4.0 is that enrolling directly against the CA logs the entire certificate chain being returned to the client.  When enrolling over RA peer only the EE certificate is logged.

        Attachments

        1. acmeTesting-23Jul2020.gz
          428 kB
        2. caEnroll_letsencrypt.log
          35 kB
        3. certbot_1_3_0_through_RA_CA.log
          148 kB
        4. certbot_1_4_0_through_CA.log
          117 kB
        5. certbot_1_4_0_through_RA_CA.log
          142 kB
        6. ra_ejbca.log
          4.96 MB
        7. raEnroll_letsencrypt.log.1
          30 kB

          Issue Links

            Activity

              People

              Assignee:
              katja_helmes Jekaterina Bunina
              Reporter:
              svenr Sven Rajala
              Verified by:
              Samuel Lidén Borell
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 3 days Original Estimate - 3 days
                  3d
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 days, 3 hours
                  3d 3h