Hi,

On Mon, Jul 22, 2024 at 4:33 PM Rob Crittenden via FreeIPA-users <[email protected]> wrote:

> Vadim Dobroskokin via FreeIPA-users wrote:
> > Rob Crittenden wrote:
> > The final line should read "INFO: ACME engine started"
> >
> > Yes, this line is in the log
> > ```
> > 2024-07-18 13:18:27 [main] INFO: Loading ACME monitors config from /var/lib/pki/pki-tomcat/conf/acme/configsources.conf
> > 2024-07-18 13:18:27 [main] INFO: ACME service is DISABLED by configuration
> > 2024-07-18 13:18:27 [main] INFO: ACME wildcard issuance is DISABLED by configuration
> > 2024-07-18 13:18:27 [main] INFO: Loading ACME realm config from /var/lib/pki/pki-tomcat/conf/acme/realm.conf
> > 2024-07-18 13:18:27 [main] INFO: Initializing ACME realm
> > 2024-07-18 13:18:27 [main] INFO: Initializing LDAP realm
> > 2024-07-18 13:18:27 [ACMEEngineConfigFileSource] INFO: ACMEEngineConfigSource: watching /etc/pki/pki-tomcat/acme/engine.conf
> > 2024-07-18 13:18:27 [main] INFO: Loading LDAP realm config from /etc/pki/pki-tomcat/ca/CS.cfg
> > 2024-07-18 13:18:27 [main] INFO: - users DN: ou=people,o=ipaca
> > 2024-07-18 13:18:27 [main] INFO: - groups DN: ou=groups,o=ipaca
> > 2024-07-18 13:18:27 [main] INFO: PKISocketFactory: Initializing PKISocketFactory
> > 2024-07-18 13:18:27 [main] INFO: PKISocketFactory: Creating SSL socket for ipa01.example.com:636
> > 2024-07-18 13:18:27 [main] INFO: ACME engine started
> > 2024-07-18 13:18:27 [main] INFO: Initializing ACMEApplication
> > 2024-07-18 13:23:27 [pool-3-thread-1] INFO: Running ACME maintenance
> > ```
> > vadim
> >
>
> That's pretty similar to my working system.
>
> Endi, what do you think we should try next?
>

In a previous email there was mention of the following error message:
ipapython.admintool: ERROR: Failed to authenticate to CA REST API

Can you check if the issue is indeed related to an authentication issue?
curl -v --cert /var/lib/ipa/ra-agent.pem --key /var/lib/ipa/ra-agent.key https://`hostname`:8443/acme/login

If this command fails, it may be related to an expired ra-agent.pem certificate. Check its expiration status with
getcert list -f /var/lib/ipa/ra-agent.pem
(it should show as MONITORING and should have an expiration date in the future).

flo

> rob
>
> --
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
>
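The getcert check suggested in the message above (status MONITORING and an expiry date in the future) can be scripted as below. This is an added example, not part of the original thread or of FreeIPA/certmonger; the helper name `check_ra_cert` is hypothetical and the sample getcert output is constructed.

```shell
#!/bin/sh
# Constructed sample of `getcert list -f /var/lib/ipa/ra-agent.pem` output;
# the request ID, realm and dates are made up for this example.
sample_getcert() {
cat <<'EOF'
Number of certificates and requests being tracked: 9.
Request ID '20240101000000':
	status: MONITORING
	stuck: no
	key pair storage: type=FILE,location='/var/lib/ipa/ra-agent.key'
	certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
	subject: CN=IPA RA,O=EXAMPLE.COM
	expires: 2024-06-30 10:15:00 UTC
	auto-renew: yes
EOF
}

# check_ra_cert NOW   (hypothetical helper name)
# Reads getcert output for one request on stdin; NOW is "YYYY-MM-DD HH:MM:SS" in UTC.
# Exit status: 0 ok, 1 not MONITORING, 2 expired, 3 no tracking request found.
check_ra_cert() {
    awk -v now="$1" '
        /^[ \t]*status: /  { sub(/^[ \t]*status: /, "");  status = $0 }
        /^[ \t]*expires: / { sub(/^[ \t]*expires: /, ""); sub(/ UTC$/, ""); expires = $0 }
        END {
            if (status == "" || expires == "") { print "untracked"; exit 3 }
            # Fixed-width UTC timestamps sort correctly as strings.
            if ((expires "") <= (now "")) { print "expired " expires; exit 2 }
            if (status != "MONITORING")   { print "status " status; exit 1 }
            print "ok until " expires
        }'
}

# Demo on the sample. On an IPA server, pipe in the real command instead:
#   getcert list -f /var/lib/ipa/ra-agent.pem | check_ra_cert "$(date -u '+%Y-%m-%d %H:%M:%S')"
sample_getcert | check_ra_cert "$(date -u '+%Y-%m-%d %H:%M:%S')" \
    || echo "(exit status $?)"
```

The expiry test is reported before the status test, so an expired certificate is flagged as such whatever state certmonger reports for the request.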
