Problem: univention-run-diagnostic-checks Brings A Traceback On Certificate Check


Running univention-run-diagnostic-checks -t all brings a traceback


You are using the Let’s Encrypt app and have installed public certificates.
Test fails for saml certificate check:

univention-run-diagnostic-checks -t 04_saml_certificate_check

Traceback (most recent call last):
  File "/usr/bin/univention-run-diagnostic-checks", line 131, in <module>
  File "/usr/bin/univention-run-diagnostic-checks", line 68, in main
    client = Client(None, args.username, args.password)
  File "/usr/lib/python2.7/dist-packages/univention/lib/", line 362, in __init__
    self.authenticate(username, password)
  File "/usr/lib/python2.7/dist-packages/univention/lib/", line 375, in authenticate
    return self.umc_auth(username, password)
  File "/usr/lib/python2.7/dist-packages/univention/lib/", line 485, in umc_auth
    return self.request('POST', 'auth', data)
  File "/usr/lib/python2.7/dist-packages/univention/lib/", line 515, in request
    return self.send(request)
  File "/usr/lib/python2.7/dist-packages/univention/lib/", line 540, in send
    raise ConnectionError('Could not send request.', reason=exc)
univention.lib.umc.ConnectionError: ('Could not send request.', CertificateError("hostname '' doesn't match either of '', '',  '',",))

The check tries to access the host but the certificate presented there does not include the local hostname.


Configure Apache on your system to use an additional VirtualHost (based on this article) to present the correct local certificate when accessing through local hostname.

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/univention/ssl/
    SSLCertificateKeyFile /etc/univention/ssl/
    SSLCACertificateFile /etc/univention/ssl/ucsCA/CAcert.pem

systemctl restart apache2