Nick Polites via FreeIPA-users wrote: > UPDATE: > > I have resolved the issue. The problem all stemmed from the > > $getcert list > > Having expired certificates. I had to startup IPA using > > ipactl start --ignore-service-failures > > and then issue the > > getcert resubmit -i <<request id>> > > One certificate came up as CA_UNREACHABLE but had a valid expiration date in > the future. I rebooted the VM and everything is working now. > > Thanks for all of the help but it is concerning that these do seem to break. > I have added a login warning prior to an O/S upgrade or reboot to check that > the certs are all valid.
Glad you got it working again. You'd have to read the journal to know for sure what certmonger did or didn't do. ipa-cert-fix is one way to repair expired certificates. ipa-healthcheck can be used to warn about a number of common issues with an IPA server configureation. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
