Some other information that might be helpful... Running sudo ipa cert-show 1 on both machines returns the cert info in the command line.
But running sudo ipa-acme-manage pruning --config-show on both machines fails with: Failed to authenticate to CA REST API The ipa-acme-manage command failed. In the web UI on the Authentication > Certificates page I could see some certs that looked old (they contained old hostnames from years back). I though this might be related to the errors so I manually revoked them. It got me thinking about how to remove old certs automatically which lead me to this page (https://freeipa.readthedocs.io/en/latest/designs/expired_certificate_pruning.html) which is where I found the ipa-acme-manage pruning --config-show command. -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
