Can't login to the FreeIPA web UI

For a time, we couldn’t login to the FreeIPA web interface at It kept saying “failed due to unknown error”. Trying to use the ipa command in fs-ipa gives a more informative error however (I tried ipa help topics):

ipa: ERROR: cannot connect to '': [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076)

This error occurred because the self-signed certificate for the web interface had expired, since the FreeIPA web interface is not proxied through the main nginx instance on fs-web02 (and thus you need the VPN to access it).

To fix it, run the following command:


…and then follow the instructions. Then restart your browser and wait a few minutes.

Now it should be working again as intended.

This topic was automatically closed after 24 hours. New replies are no longer allowed.