2018-02-15 4:34 GMT+08:00 Rob Crittenden <rcrit...@redhat.com>: > > Let me circle back around. So your certs are currently expired and not > working? I assume then that your IPA master is basically dead, and has > been for 2 years? > > Your best bet would be to stop ntpd, go back in time, restart httpd, > tomcat andcertmonger to kick off renewal again. Watch the syslog for any > messages from certmonger. > > Assuming the certs all get renewed return to current time and run ipactl > restart. > > rob
These are messages after I restarted httpd, tomcat & cermonger Feb 15 07:15:41 ipa systemd[1]: Stopping Apache Tomcat Web Application Container... Feb 15 07:15:41 ipa systemd[1]: tomcat.service: main process exited, code=exited, status=143/n/a Feb 15 07:15:41 ipa systemd[1]: Unit tomcat.service entered failed state Feb 15 07:15:41 ipa systemd[1]: Starting Apache Tomcat Web Application Container... Feb 15 07:15:41 ipa systemd[1]: Started Apache Tomcat Web Application Container. Feb 15 07:15:48 ipa systemd[1]: Stopping Certificate monitoring and PKI enrollment... Feb 15 07:15:48 ipa systemd[1]: Starting Certificate monitoring and PKI enrollment... Feb 15 07:15:48 ipa systemd[1]: Started Certificate monitoring and PKI enrollment. Feb 15 07:15:49 ipa certmonger[21863]: 2015-02-15 07:15:49 [21863] Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)). Feb 15 07:15:49 ipa certmonger[21863]: 2015-02-15 07:15:49 [21863] Server failed request, will retry: 4301 (RPC failed at server. Certificate operation cannot be completed: Unable to communicate with CMS (Not Found)). _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org