Hi,

I've retried moving the date to three weeks before 2020-12-08 and renewing the cert manually:

# ipa-getcert resubmit -i "ID"
Resubmitting "20201102185036" to "dogtag-ipa-ca-renew-agent".

Here's one of the output logs from journalctl -xe:

# journalctl -xe
nov 17 18:08:27 ipa1.itec.lab certmonger[27108]: 2020-11-17 18:08:27 [27108] Internal error
nov 17 18:08:29 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[28053]: Traceback (most recent call last):
  File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 533, in <module>
    sys.exit(main())
  File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 507, in main
    kinit_keytab(principal, paths.KRB5_KEYTAB, ccache_filename)
  File "/usr/lib/python2.7/site-packages/ipalib/install/kinit.py", line 47, in kinit_keytab
    cred = gssapi.Credentials(name=name, store=store, usage='initiate')
  File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 64, in __new__
    store=store)
  File "/usr/lib64/python2.7/site-packages/gssapi/creds.py", line 148, in acquire
    usage)
  File "ext_cred_store.pyx", line 182, in gssapi.raw.ext_cred_store.acquire_cred_from (gssapi/raw/ext_cred
GSSError: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (252963

Now all the certs (except the Kerberos and CA ones) have status: CA_UNREACHABLE.

The CA cert has status: NEED_CSR_GEN_PIN
_______________________________________________
FreeIPA-users mailing list -- [email protected]