Jeremy Tourville via FreeIPA-users wrote:
> I recently updated my system. I am now at version 4.9.11. After the update
> I noticed the following output from healthcheck.
>
> # ipa-healthcheck
> ra.get_certificate(): Request failed with status 404: Non-2xx response from
> CA REST API: 404. Certificate ID 0x6f0000001f2421fafd6722322500000000001f not
> found (404)
> [
> {
> "source": "ipahealthcheck.dogtag.ca",
> "check": "DogtagCertsConnectivityCheck",
> "result": "ERROR",
> "uuid": "8a663c7d-77f9-4739-8029-c401b113fa5e",
> "when": "20231003134004Z",
> "duration": "0.093615",
> "kw": {
> "key": "cert_show_1",
> "error": "Certificate operation cannot be completed: Request failed
> with status 404: Non-2xx response from CA REST API: 404. Certificate ID
> 0x6f0000001f2421fafd6722322500000000001f not found (404)",
> "serial": "2475382717198593230277736537855912919378690079",
> "msg": "Serial number not found: {error}"
> }
> },
Is this an externally-signed CA? There was a bug in healthcheck that
didn't take this case into account. What version of healthcheck do you have?
> {
> "source": "ipahealthcheck.ipa.certs",
> "check": "IPACertTracking",
> "result": "WARNING",
> "uuid": "3c183bb0-bffc-403a-9899-a59a4d29750b",
> "when": "20231003134009Z",
> "duration": "1.819175",
> "kw": {
> "key": "20230901185953",
> "msg": "certmonger tracking request {key} found and is not expected on
> an IPA master."
> }
> }
> ]
You need to see what this tracking request is. It may be perfectly valid
for your setup, it just isn't an expected cert: getcert list -i
"20230901185953",
rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
