> Sorry I forgot to mention, you need to provide decimal values. In this
> case 31 and 33.
>
> rob
Ok - that ran without error, but doesn't seem to have made a difference:
# systemctl status certmonger -l
● certmonger.service - Certificate monitoring and PKI enrollment
Loaded: loaded (/usr/lib/systemd/system/certmonger.service; enabled; vendor
preset: disabled)
Active: active (running) since Tue 2025-06-24 10:04:51 EDT; 3min 46s ago
Main PID: 26048 (certmonger)
Memory: 6.4M
CGroup: /system.slice/certmonger.service
└─26048 /usr/sbin/certmonger -S -p /var/run/certmonger.pid -n
Jun 24 10:05:43 [HOSTNAME] certmonger[26048]: 2025-06-24 10:05:43 [26048] Error
58 connecting to https://[HOSTNAME]:8443/ca/agent/ca/profileReview: Problem
with the local SSL certificate.
Jun 24 10:05:53 [HOSTNAME] dogtag-ipa-ca-renew-agent-submit[26146]: Forwarding
request to dogtag-ipa-renew-agent
Jun 24 10:05:53 [HOSTNAME] dogtag-ipa-ca-renew-agent-submit[26146]:
dogtag-ipa-renew-agent returned 3
Jun 24 10:05:53 [HOSTNAME] certmonger[26048]: 2025-06-24 10:05:53 [26048] Error
58 connecting to https://[HOSTNAME]:8443/ca/agent/ca/profileReview: Problem
with the local SSL certificate.
Jun 24 10:06:03 [HOSTNAME] dogtag-ipa-ca-renew-agent-submit[26142]: Forwarding
request to dogtag-ipa-renew-agent
Jun 24 10:06:03 [HOSTNAME] dogtag-ipa-ca-renew-agent-submit[26142]:
dogtag-ipa-renew-agent returned 3
Jun 24 10:06:03 [HOSTNAME] certmonger[26048]: 2025-06-24 10:06:03 [26048] Error
58 connecting to https://[HOSTNAME]:8443/ca/agent/ca/profileReview: Problem
with the local SSL certificate.
Jun 24 10:06:13 [HOSTNAME] dogtag-ipa-ca-renew-agent-submit[26145]: Forwarding
request to dogtag-ipa-renew-agent
Jun 24 10:06:13 [HOSTNAME] dogtag-ipa-ca-renew-agent-submit[26145]:
dogtag-ipa-renew-agent returned 3
Jun 24 10:06:13 [HOSTNAME] certmonger[26048]: 2025-06-24 10:06:13 [26048] Error
58 connecting to https://[HOSTNAME]:8443/ca/agent/ca/profileReview: Problem
with the local SSL certificate.
[root@us01-linadm01 ~]# getcert list | egrep "Request
ID|status:|CA:|expires:|certificate:"
Request ID '20210201172746':
status: CA_UNREACHABLE
certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
CA: dogtag-ipa-ca-renew-agent
expires: 2025-05-31 15:41:32 UTC
Request ID '20210201172819':
status: CA_UNREACHABLE
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert
cert-pki-ca',token='NSS FIPS 140-2 Certificate DB'
CA: dogtag-ipa-ca-renew-agent
expires: 2027-06-09 13:26:26 UTC
Request ID '20210201172820':
status: CA_UNREACHABLE
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert
cert-pki-ca',token='NSS FIPS 140-2 Certificate DB'
CA: dogtag-ipa-ca-renew-agent
expires: 2027-06-09 13:26:26 UTC
Request ID '20210201172821':
status: CA_UNREACHABLE
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert
cert-pki-ca',token='NSS FIPS 140-2 Certificate DB'
CA: dogtag-ipa-ca-renew-agent
expires: 2027-06-09 13:26:26 UTC
Request ID '20210201172822':
status: MONITORING
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert
cert-pki-ca',token='NSS FIPS 140-2 Certificate DB'
CA: dogtag-ipa-ca-renew-agent
expires: 2027-06-09 13:26:26 UTC
Request ID '20210201172823':
status: CA_UNREACHABLE
certificate:
type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert
cert-pki-ca',token='NSS FIPS 140-2 Certificate DB'
CA: dogtag-ipa-ca-renew-agent
expires: 2027-06-09 13:26:26 UTC
Request ID '20210201172924':
status: CA_UNREACHABLE
certificate: type=FILE,location='/var/kerberos/krb5kdc/kdc.crt'
CA: IPA
expires: 2025-05-31 15:41:32 UTC
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
