On 09/01/2018 18:19, Jochen Hein via FreeIPA-users wrote:
Giulio Casella via FreeIPA-users <email@example.com>
Done, ipactl status reports everything running,
That's not correct, see below.
but certificates don't renew.
Looking at certmonger (in debug mode) I can see:
"Server at https://idc01.linux.unicloudidattica.local/ipa/xml failed
request, will retry: 4035 (RPC failed at server. Request failed with
status 500: Non-2xx response from CA REST API: 500. ).
internal error from apache
Server at https://idc02.linux.unicloudidattica.local/ipa/xml failed
request, will retry: -504 (libcurl failed to execute the HTTP POST
transaction, explaining: Failed connect to
idc02.linux.unicloudidattica.local:443; Connection refused).
no apache running
I don't think so. HTTP 500 doesn't mean apache is not running, but an
internal server error.
Indeed I can reach the administration web ui. Login fails due to time
skew, but apache is fully responsive.
Apache returns 500 when something behind the scenes fails (maybe the
pki-tomcat part, following a POST to the API).
Do I have to try to remove/re-add monitoring from certmonger for service
No - try to find out the errors above. Leave certmonger alone until you
Giulio Casella giulio at di.unimi.it
System and network architect
Computer Science Dept. - University of Milano