Problem: SSL CERTIFICATE_VERIFY_FAILED During Join

Problem

A new server could not be joined to a domain.

Error message:

5.04.18 13:04:25.021 MODULE ( PROCESS ) : Konnte nicht mit dem DC Master ucs.domain.de verbinden: ('Could not send request.', SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'))

During domain join the new server connects to the master server via Apache/SSL.

Solution

The domain controller master got updated certificates recently (according to this SDB article). But the part cp ucsCA/CAcert.pem /var/www/ucs-root-ca.crt was skipped so the new certificates where unknown to Apache.

Copying the certificates as mentioned and restarting Apache (systemctl restart apache2) solved the issue and the new host was able to join the domain.

Mastodon