Dear flo,
At this point you also need to restart pki:
Thanks, restarted and resubmitted the request, then wait, but sadly I guess something else may also need attention?
Best wishes Stuart ---------------------------------------------------------------------------------------------------------------- [root@freeipa01 ~]# systemctl status [email protected] ● [email protected] - PKI Tomcat Server pki-tomcat Loaded: loaded (/lib/systemd/system/[email protected]; enabled; vendor preset: disabled) Active: active (running) since Wed 2020-09-16 09:03:41 BST; 1 months 0 days left Process: 1236 ExecStartPre=/usr/bin/pkidaemon start pki-tomcat (code=exited, status=0/SUCCESS) Main PID: 1353 (java) Tasks: 91 (limit: 4915) CGroup: /system.slice/system-pki\x2dtomcatd.slice/[email protected] └─1353 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -DRESTEASY_LIB=/usr/share/java/resteasy -Djava.library.path=/usr/lib64/nuxwd Aug 16 09:42:58 freeipa01.our_domain server[1353]: Aug 16, 2020 9:42:58 AM org.apache.catalina.core.ContainerBase bac Aug 16 09:42:58 freeipa01.our_domain server[1353]: WARNING: Exception processing realm com.netscape.cms.tomcat.ProxyR Aug 16 09:42:58 freeipa01.our_domain server[1353]: javax.ws.rs.ServiceUnavailableException: Subsystem unavailable Aug 16 09:42:58 freeipa01.our_domain server[1353]: at com.netscape.cms.tomcat.ProxyRealm.backgroundProcess(Pr Aug 16 09:42:58 freeipa01.our_domain server[1353]: at org.apache.catalina.core.ContainerBase.backgroundProces Aug 16 09:42:58 freeipa01.our_domain server[1353]: at org.apache.catalina.core.StandardContext.backgroundProc Aug 16 09:42:58 freeipa01.our_domain server[1353]: at org.apache.catalina.core.ContainerBase$ContainerBackgro Aug 16 09:42:58 freeipa01.our_domain server[1353]: at org.apache.catalina.core.ContainerBase$ContainerBackgro Aug 16 09:42:58 freeipa01.our_domain server[1353]: at org.apache.catalina.core.ContainerBase$ContainerBackgro Aug 16 09:42:58 freeipa01.our_domain server[1353]: at java.lang.Thread.run(Thread.java:748) [root@freeipa01 ~]# systemctl restart [email protected] [root@freeipa01 ~]# systemctl status [email protected] ● [email protected] - PKI Tomcat Server pki-tomcat Loaded: loaded (/lib/systemd/system/[email protected]; enabled; vendor preset: disabled) Active: active (running) since Sun 2020-08-16 09:43:19 BST; 3s ago Process: 1987 ExecStop=/usr/libexec/tomcat/server stop (code=exited, status=0/SUCCESS) Process: 2021 ExecStartPre=/usr/bin/pkidaemon start pki-tomcat (code=exited, status=0/SUCCESS) Main PID: 2135 (java) Tasks: 17 (limit: 4915) CGroup: /system.slice/system-pki\x2dtomcatd.slice/[email protected] └─2135 /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -DRESTEASY_LIB=/usr/share/java/resteasy -Djava.library.path=/usr/lib64/nuxwd Aug 16 09:43:22 freeipa01.our_domain server[2135]: Aug 16, 2020 9:43:22 AM org.apache.catalina.startup.HostConfig dep Aug 16 09:43:22 freeipa01.our_domain server[2135]: INFO: Deploying configuration descriptor /etc/pki/pki-tomcat/Catal Aug 16 09:43:22 freeipa01.our_domain server[2135]: Aug 16, 2020 9:43:22 AM org.apache.jasper.servlet.TldScanner scanJ Aug 16 09:43:22 freeipa01.our_domain server[2135]: INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Aug 16 09:43:22 freeipa01.our_domain server[2135]: Aug 16, 2020 9:43:22 AM org.apache.catalina.startup.HostConfig dep Aug 16 09:43:22 freeipa01.our_domain server[2135]: INFO: Deployment of configuration descriptor /etc/pki/pki-tomcat/C Aug 16 09:43:22 freeipa01.our_domain server[2135]: Aug 16, 2020 9:43:22 AM org.apache.catalina.startup.HostConfig dep Aug 16 09:43:22 freeipa01.our_domain server[2135]: INFO: Deploying configuration descriptor /etc/pki/pki-tomcat/Catal Aug 16 09:43:22 freeipa01.our_domain server[2135]: SSLAuthenticatorWithFallback: Creating SSL authenticator with fall Aug 16 09:43:22 freeipa01.our_domain server[2135]: SSLAuthenticatorWithFallback: Setting container [root@freeipa01 ~]# getcert resubmit -i 20170405152512 Resubmitting "20170405152512" to "IPA". [root@freeipa01 ~]# sleep 120 [root@freeipa01 ~]# getcert list -i 20170405152512 Number of certificates and requests being tracked: 8. Request ID '20170405152512': status: CA_UNREACHABLE ca-error: Server at https://freeipa01.our_domain/ipa/xml failed request, will retry: 4035 (RPC failed at server. Request failed with status 500: Non-2xx response from CA REST API: 500. ). stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=OUR_DOMAIN subject: CN=freeipa01.our_domain,O=OUR_DOMAIN expires: 2020-09-04 17:46:56 BST principal name: HTTP/freeipa01.our_domain@OUR_DOMAIN key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/libexec/ipa/certmonger/restart_httpd track: yes auto-renew: yes [root@freeipa01 ~]# date Sun 16 Aug 09:46:26 BST 2020 [root@freeipa01 ~]# getcert list -i 20170405152512 Number of certificates and requests being tracked: 8. Request ID '20170405152512': status: CA_UNREACHABLE ca-error: Server at https://freeipa01.our_domain/ipa/xml failed request, will retry: 4035 (RPC failed at server. Request failed with status 500: Non-2xx response from CA REST API: 500. ). stuck: no key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt' certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB' CA: IPA issuer: CN=Certificate Authority,O=OUR_DOMAIN subject: CN=freeipa01.our_domain,O=OUR_DOMAIN expires: 2020-09-04 17:46:56 BST principal name: HTTP/freeipa01.our_domain@OUR_DOMAIN key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: /usr/libexec/ipa/certmonger/restart_httpd track: yes auto-renew: yes [root@freeipa01 ~]# date Sun 16 Aug 09:53:16 BST 2020 [root@freeipa01 ~]#
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
