I am trying to renew the last certificate for the IPA masters (previous email)
and am coming across this issue on my original IPA master (first server)
getcert list -d /etc/httpd/alias -n "Server-Cert"
Number of certificates and requests being tracked: 8.
Request ID '20170428162941':
ca-error: Server at https://ipa01.ipa.example.com/ipa/xml failed request, will
retry: 4001 (RPC failed at server. nss certificate db: user not found).
key pair storage:
issuer: CN=Certificate Authority,O=IPA. EXAMPLE.COM
expires: 2018-07-30 13:08:58 UTC
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
post-save command: /usr/libexec/ipa/certmonger/restart_httpd
This server was 4.2.0 originally, then upgraded to 4.4.0, I tried
that doesn't seem to make a difference.
If possible, can I stop tracking and regenerate this certificate?
All other masters (7 out of 8) did not have an issue renewing their
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org