Nico Maas via FreeIPA-users wrote: > I did a curl https://freeipa1.network.intranet:443/ca/rest/account/login and > got a 401 for missing authorization, which is fair. After the update, it just > outputs a 404 - so nothing there anymore / at least the CA REST API does not > work after update anymore. > > All certs are still valid (checking after snapshot restore) > getcert list | grep expires > expires: 2026-02-21 15:46:22 CET > expires: 2026-01-19 15:45:15 CET > expires: 2026-01-19 15:44:36 CET > expires: 2026-01-19 15:45:36 CET > expires: 2040-04-16 16:44:18 CEST > expires: 2026-01-19 15:44:56 CET > expires: 2026-01-19 15:45:18 CET > expires: 2026-02-21 15:45:37 CET > expires: 2026-12-04 08:51:27 CET > > I tried ipa-healthcheck before restoring the snapshot and it also told that > different REST API addresses are 404 and failed.
404 means that tomcat has not loaded the CA application. Look in /var/log/pki/pki-tomcat/ca/debug-<date>.log I'd recommend going to the bottom of the log, seeking up to the last start, then working down. The CA tends to continue on errors so the last may not be the root cause. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
