Hi all,

We run IPA 3.0.0 and have a cert on the CA master expiring in about 10 days. 
The problem is that we mistakenly provisioned the last cert using an old 
hostname which means that automatically renewing the cert fails, and the IPA 
cert checks we run fails with...

ca-error: Server at "http://correct.hostname:9180/ca/ee/ca/profileSubmit"; 
replied: 1: Server Internal Error.  

I also get a java NPE error when curling that endpoint.

Is it possible to zero out the existing cert and resubmit it with the correct 
hostname?  This is a production environment supporting several thousand hosts 
which means I want to test whatever solution I come up with.  We have a few 
staging environments but they're all configured correctly, so I'm wondering if 
we can intentionally put one into a similar bad state and revert it.

Happy to provide clarifying information if I'm not making sense here.

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to