Giulio Casella via FreeIPA-users <>

> On 09/01/2018 18:19, Jochen Hein via FreeIPA-users wrote:
>> Giulio Casella via FreeIPA-users <>
>> writes:
>>> Done, ipactl status reports everything running,
>> That's not correct, see below.
>>> but certificates don't renew.
>>> Looking at certmonger (in debug mode) I can see:
>>> "Server at https://idc01.linux.unicloudidattica.local/ipa/xml failed
>>> request, will retry: 4035 (RPC failed at server.  Request failed with
>>> status 500: Non-2xx response from CA REST API: 500. ).
>> internal error from apache
>>> Server at https://idc02.linux.unicloudidattica.local/ipa/xml failed
>>> request, will retry: -504 (libcurl failed to execute the HTTP POST
>>> transaction, explaining:  Failed connect to
>>> idc02.linux.unicloudidattica.local:443; Connection refused).
>> no apache running
> I don't think so. HTTP 500 doesn't mean apache is not running, but an
> internal server error.
> Indeed I can reach the administration web ui. Login fails due to time
> skew, but apache is fully responsive.

Have a look again: Host idc01 delivers 500 - internal error. Host idc02
has no apache running ("connection refused").

> Apache returns 500 when something behind the scenes fails (maybe the
> pki-tomcat part, following a POST to the API).

Yes, try fixing idc01 - most probably dogtag/pki-tomcat there.


This space is intentionally left blank.
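
The per-host reading of the two certmonger messages discussed above, as an added example that is not part of the original messages: it separates "connection refused" from an HTTP 500 passed back from the CA REST API. The function names and verdict strings are this example's own; the sample text is the log excerpt quoted in the thread.

```python
import re

# Log text copied from the certmonger messages quoted in this thread
# (line wrapping kept as it appears in the e-mail).
SAMPLE = """\
Server at https://idc01.linux.unicloudidattica.local/ipa/xml failed
request, will retry: 4035 (RPC failed at server.  Request failed with
status 500: Non-2xx response from CA REST API: 500. ).
Server at https://idc02.linux.unicloudidattica.local/ipa/xml failed
request, will retry: -504 (libcurl failed to execute the HTTP POST
transaction, explaining:  Failed connect to
idc02.linux.unicloudidattica.local:443; Connection refused).
"""

# One entry: server URL, certmonger error code, parenthesised detail.
ENTRY = re.compile(
    r"Server at https?://(?P<host>[^/\s:]+)\S*\s+failed\s+request,\s+will\s+retry:"
    r"\s+(?P<code>-?\d+)\s+\((?P<detail>.*?)\)\.", re.S)

def classify(detail):
    """Map the error detail to the layer that failed (labels are this example's own)."""
    text = " ".join(detail.split())  # undo mail line wrapping
    if "Connection refused" in text:
        return "nothing accepting connections on the port"
    m = re.search(r"Non-2xx response from CA REST API: (\d{3})", text)
    if m:
        return f"web server answered; CA REST API returned {m.group(1)}"
    m = re.search(r"status (\d{3})", text)
    if m:
        return f"web server answered with HTTP {m.group(1)}"
    return "unclassified"

def triage(log):
    """Return {host: (certmonger_code, verdict)} for every entry in the log."""
    return {m["host"]: (int(m["code"]), classify(m["detail"]))
            for m in ENTRY.finditer(log)}

if __name__ == "__main__":
    for host, (code, verdict) in triage(SAMPLE).items():
        print(f"{host}: certmonger code {code}: {verdict}")
```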