Giulio Casella via FreeIPA-users <email@example.com>
> On 09/01/2018 18:19, Jochen Hein via FreeIPA-users wrote:
>> Giulio Casella via FreeIPA-users <firstname.lastname@example.org>
>>> Done, ipactl status reports everything running,
>> That's not correct, see below.
>>> but certificates don't renew.
>>> Looking at certmonger (in debug mode) I can see:
>>> "Server at https://idc01.linux.unicloudidattica.local/ipa/xml failed
>>> request, will retry: 4035 (RPC failed at server. Request failed with
>>> status 500: Non-2xx response from CA REST API: 500. ).
>> internal error from apache
>>> Server at https://idc02.linux.unicloudidattica.local/ipa/xml failed
>>> request, will retry: -504 (libcurl failed to execute the HTTP POST
>>> transaction, explaining: Failed connect to
>>> idc02.linux.unicloudidattica.local:443; Connection refused).
>> no apache running
> I don't think so. HTTP 500 doesn't mean apache is not running, but an
> internal server error.
> Indeed I can reach the administration web ui. Login fails due to time
> skew, but apache is fully responsive.
Have a look again: Host idc01 delivers 500 - internal error. Host idc02
has no apache running ("connection refused").
> Apache returns 500 when something behind the scenes fails (maybe the
> pki-tomcat part, following a POST to the API).
Yes, try fixing idc01 - most probably dogtag/pki-tomcat there.
This space is intentionally left blank.
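
A triage sketch for the two certmonger messages discussed in this message, added here as an example and not part of the original post: it separates a failure where the web server answered with an HTTP status from one where the TCP connection was refused. The name `classify`, the layer labels and the hint texts are assumptions for illustration; the sample lines are the two messages quoted in the thread, joined onto single lines.

```python
import re
from urllib.parse import urlparse

# The two certmonger messages quoted in the thread, joined onto single lines.
SAMPLE = [
    "Server at https://idc01.linux.unicloudidattica.local/ipa/xml failed "
    "request, will retry: 4035 (RPC failed at server. Request failed with "
    "status 500: Non-2xx response from CA REST API: 500. ).",
    "Server at https://idc02.linux.unicloudidattica.local/ipa/xml failed "
    "request, will retry: -504 (libcurl failed to execute the HTTP POST "
    "transaction, explaining: Failed connect to "
    "idc02.linux.unicloudidattica.local:443; Connection refused).",
]
LINE_RE = re.compile(
    r"Server at (?P<url>\S+) failed request, will retry: "
    r"(?P<code>-?\d+) \((?P<detail>.*)\)\.?\s*$"
)
STATUS_RE = re.compile(r"status (\d{3})")


def classify(line):
    """Return host, certmonger code, failing layer and a next step, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    detail = m["detail"]
    status = STATUS_RE.search(detail)
    if status and status.group(1).startswith("5"):
        # A 5xx came back: the web server is up, something behind it failed.
        layer, hint = "backend", "check the service behind it (e.g. pki-tomcat)"
    elif status:
        layer, hint = "http", "web server answered but rejected the request"
    elif "Connection refused" in detail:
        # TCP connect was rejected: nothing is listening on that port.
        layer, hint = "transport", "no web server listening; start it first"
    else:
        layer, hint = "unknown", "read the detail text"
    return {
        "host": urlparse(m["url"]).hostname,
        "code": int(m["code"]),
        "http_status": int(status.group(1)) if status else None,
        "layer": layer,
        "hint": hint,
    }


if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```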