Hi Omar, can you give us more information? How many servers/replicas do you have, and on how many do you have expired certs?
The repair procedure must start on the server that is currently CA master. You can find which one is CA master by using "ipa config-show | grep renewal". Warning, if the replication is broken the result may be different on different servers. In this case, pick the server that you want to use as source of data and perform the repair steps on this server. I am not sure if you tried ipa-cert-fix or the method changing the date into the past. In any case, try to repair one server first and the replicas can be re-initialized later with the data from this server. Can you provide the output of "getcert list" on this server? It will help us identify which certs need to be renewed. flo On Fri, Mar 31, 2023 at 10:55 PM Omar Pagan via FreeIPA-users < [email protected]> wrote: > but it seems that I'm getting the clock skew error for the directory > service every time I try to resubmit the cert renewal because the rolling > back of the date/time to the local server is affecting the clock for the > directory service. I think that's causing my renewals to fail. > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
