Problem
Running univention-run-diagnostic-checks -t all ends with a traceback.
Environment
You are using the Let’s Encrypt app and have installed public certificates.
The SAML certificate check fails:
univention-run-diagnostic-checks -t 04_saml_certificate_check
Traceback (most recent call last):
  File "/usr/bin/univention-run-diagnostic-checks", line 131, in <module>
    sys.exit(CLIClient.main())
  File "/usr/bin/univention-run-diagnostic-checks", line 68, in main
    client = Client(None, args.username, args.password)
  File "/usr/lib/python2.7/dist-packages/univention/lib/umc.py", line 362, in __init__
    self.authenticate(username, password)
  File "/usr/lib/python2.7/dist-packages/univention/lib/umc.py", line 375, in authenticate
    return self.umc_auth(username, password)
  File "/usr/lib/python2.7/dist-packages/univention/lib/umc.py", line 485, in umc_auth
    return self.request('POST', 'auth', data)
  File "/usr/lib/python2.7/dist-packages/univention/lib/umc.py", line 515, in request
    return self.send(request)
  File "/usr/lib/python2.7/dist-packages/univention/lib/umc.py", line 540, in send
    raise ConnectionError('Could not send request.', reason=exc)
univention.lib.umc.ConnectionError: ('Could not send request.', CertificateError("hostname 'ucs-local.example.com' doesn't match either of 'cloud.example.com', 'mail.example.com', 'example.com', example.com",))
The check connects to the host ucs-local.example.com, but the certificate presented there does not include the local hostname.
Solution
Configure Apache on your system with an additional VirtualHost (based on this article) so that it presents the correct local certificate when the system is accessed through its local hostname.
<VirtualHost *:443>
    SSLEngine on
    ServerName ucs-local.example.com
    SSLCertificateFile /etc/univention/ssl/ucs-local.example.com/cert.pem
    SSLCertificateKeyFile /etc/univention/ssl/ucs-local.example.com/private.key
    SSLCACertificateFile /etc/univention/ssl/ucsCA/CAcert.pem
</VirtualHost>
systemctl restart apache2
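To confirm the fix, the following added example (not part of the original article or of UCS) checks which hostnames a certificate file covers and which certificate Apache presents for a given SNI name. The function names are hypothetical, the openssl CLI is assumed to be installed, and make_test_cert only builds a constructed throwaway certificate for trying the checks offline.

```shell
#!/bin/sh
# Added example (not from the original article). Needs the openssl CLI.

# cert_covers_host CERT_PEM NAME: exit 0 if the certificate is valid for NAME.
# openssl prints "does match" / "does NOT match" and exits 0 either way,
# so the verdict is taken from its output.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 |
        grep -q 'does match certificate'
}

# audit_names CERT_PEM NAME...: print one verdict per name,
# exit 1 if any name is not covered by the certificate.
audit_names() {
    cert=$1; shift; rc=0
    for name in "$@"; do
        if cert_covers_host "$cert" "$name"; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; rc=1
        fi
    done
    return $rc
}

# served_cert_covers_host NAME [PORT]: ask the server for NAME via SNI and
# test the certificate it actually presents (needs network access).
served_cert_covers_host() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -checkhost "$1" 2>&1 |
        grep -q 'does match certificate'
}

# make_test_cert OUT_PEM NAME...: constructed, self-signed throwaway
# certificate with the given DNS names, for trying the checks offline.
make_test_cert() {
    out=$1; shift
    san=$(printf 'DNS:%s,' "$@"); san=${san%,}
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -addext "subjectAltName=$san" -keyout "$out.key" -out "$out" 2>/dev/null
    rm -f "$out.key"
}

# On the UCS host, after the restart:
#   audit_names /etc/univention/ssl/ucs-local.example.com/cert.pem ucs-local.example.com
#   served_cert_covers_host ucs-local.example.com
```

If served_cert_covers_host still fails for the local hostname while audit_names succeeds on the certificate file, Apache is not selecting the new VirtualHost for that name.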