[Freeipa-users] Re: DBusException: org.fedorahosted.certmonger.duplicate: Certificate at same location is already used by

Tue, 18 Jan 2022 05:46:32 -0800 


On 18/01/2022 13:36, lejeczek via FreeIPA-users wrote:

Hi guys,


That's new, well, I've never seen it. I got on a replica 
candidate so I thought I'd make a first new master and yet:



-> $ ipa-server-install --setup-dns --setup-kra 
--no-forwarders --idstart=57400000 --admin-password=diradm 
--ds-password=dirsrv --enable-compat --setup-adtrust

...
  [6/9]: configure certificate renewals

  [error] DBusException: 
org.fedorahosted.certmonger.duplicate: Certificate at same 
location is already used by request with nickname 
"20210709164208".
org.fedorahosted.certmonger.duplicate: Certificate at same 
location is already used by request with nickname 
"20210709164208".
The ipa-server-install command failed. See 
/var/log/ipaserver-install.log for more information


in log file:
...

2022-01-18T13:30:02Z DEBUG   [6/9]: configure certificate 
renewals
2022-01-18T13:30:02Z DEBUG Loading StateFile from 
'/var/lib/ipa/sysrestore/sysrestore.state'

2022-01-18T13:30:03Z DEBUG Traceback (most recent call last):

  File 
"/usr/lib/python3.6/site-packages/ipaserver/install/service.py", 
line 635, in start_creation

    run_step(full_msg, method)

  File 
"/usr/lib/python3.6/site-packages/ipaserver/install/service.py", 
line 621, in run_step

    method()

  File 
"/usr/lib/python3.6/site-packages/ipaserver/install/dogtaginstance.py", 
line 486, in configur

e_renewal
    profile=self.tracking_reqs[nickname],

  File 
"/usr/lib/python3.6/site-packages/ipalib/install/certmonger.py", 
line 576, in start_tracking

    result = cm.obj_if.add_request(params)

  File 
"/usr/lib64/python3.6/site-packages/dbus/proxies.py", line 
145, in __call__

    **keywords)

  File 
"/usr/lib64/python3.6/site-packages/dbus/connection.py", 
line 651, in call_blocking

    message, timeout)

dbus.exceptions.DBusException: 
org.fedorahosted.certmonger.duplicate: Certificate at same 
location i

s already used by request with nickname "20210709164208".


2022-01-18T13:30:03Z DEBUG   [error] DBusException: 
org.fedorahosted.certmonger.duplicate: Certifica
te at same location is already used by request with 
nickname "20210709164208".

2022-01-18T13:30:03Z DEBUG Removing /var/lib/ipa/tmp-brry92se

2022-01-18T13:30:03Z DEBUG Removing 
/root/.dogtag/pki-tomcat/kra
2022-01-18T13:30:03Z DEBUG   File 
"/usr/lib/python3.6/site-packages/ipapython/admintool.py", 
line 18

0, in execute
    return_value = self.run()

  File 
"/usr/lib/python3.6/site-packages/ipapython/install/cli.py", 
line 342, in run

    return cfgr.run()

  File 
"/usr/lib/python3.6/site-packages/ipapython/install/core.py", 
line 360, in run

    return self.execute()

  File 
"/usr/lib/python3.6/site-packages/ipapython/install/core.py", 
line 386, in execute

    for rval in self._executor():

  File 
"/usr/lib/python3.6/site-packages/ipapython/install/core.py", 
line 431, in __runner

    exc_handler(exc_info)

  File 
"/usr/lib/python3.6/site-packages/ipapython/install/core.py", 
line 460, in _handle_execute_ex

ception

How could this be, with first master??
many thanks, L.
_______________________________________________


I've missed the following first time on that failing box:
-> $ ipa-server-install --uninstall
...
If this server is the last instance of CA,
KRA, or DNSSEC master, uninstallation may result in data loss.

Are you sure you want to continue with the uninstall 
procedure? [no]: yes
Failed to get request: Criteria expected to be met by 1 
request, got 2.
certmonger failed to stop tracking certificate: Criteria 
expected to be met by 1 request, got 2.
Failed to get request: Criteria expected to be met by 1 
request, got 2.
certmonger failed to stop tracking certificate: Criteria 
expected to be met by 1 request, got 2.
Failed to get request: Criteria expected to be met by 1 
request, got 2.
certmonger failed to stop tracking certificate: Criteria 
expected to be met by 1 request, got 2.

Shutting down all IPA services

Failed to remove DS instance. No serverid present in 
sysrestore file.

Some certificates may still be tracked by certmonger.
This will cause re-installation to fail.

Start the certmonger service and list the certificates being 
tracked

 # getcert list
These may be untracked by executing
 # getcert stop-tracking -i <request_id>

for each id in: 20210709164208, 20210709164209, 
20210709164210, 20220116175552, 20220116175553, 20220116175554

Removing IPA client configuration
The ipa-client-install command was successful
The ipa-server-install command was successful


What that be symptom of and why would '--uninstall' not take 
care of such case? (where never any CA management took place 
outside of IPA)


many thanks, L.


_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure






















					Reply via email to