Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-9165

Certbot 1.4.0 fails to enroll over RA peer

    Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: EJBCA 7.3.1.3
    • Fix Version/s: None
    • Component/s: None

      Description

      Testing ACME enrollment over external RA peer connection fails with Certbot 1.4.0 with the error:

      failed to parse fullchain into cert and chain: less than 2 certificates in chain
      

      When enrolling directly against the CA with certbot 1.4.0 that is successful.

      Certbot 1.3.0 works against RA or CA though.

      The only thing I can see from logging with certbot 1.4.0 is that enrolling directly against the CA logs the entire certificate chain being returned to the client.  When enrolling over RA peer only the EE certificate is logged.

        Attachments

        1. caEnroll_letsencrypt.log
          35 kB
        2. certbot_1_3_0_through_RA_CA.log
          148 kB
        3. certbot_1_4_0_through_CA.log
          117 kB
        4. certbot_1_4_0_through_RA_CA.log
          142 kB
        5. ra_ejbca.log
          4.96 MB
        6. raEnroll_letsencrypt.log.1
          30 kB

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            svenr Sven Rajala
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: