[ec2-user@freeipa01 ~]$ sudo getcert listNumber of certificates and requests being tracked: 1.Request ID '20180302161736': status: CA_UNREACHABLE ca-error: Error 58 connecting to https://freeipa01.east.ipa.gatewayblend.com:8443/ca/agent/ca//profileReview: Problem with the local SSL certificate. stuck: no key pair storage: type=FILE,location='/var/lib/ipa/ra-agent.key' certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem' CA: dogtag-ipa-ca-renew-agent issuer: subject: expires: unknown pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert track: yes auto-renew: yes[ec2-user@freeipa01 ~]$
On Thursday, March 1, 2018 3:29 PM, Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: Andrew Meyer via FreeIPA-users wrote: > While building a new freeipa server in AWS I got this error: > 2018-03-01T18:15:49Z DEBUG The ipa-server-install command failed, > exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE) > 2018-03-01T18:15:49Z ERROR Certificate issuance failed (CA_UNREACHABLE) > 2018-03-01T18:15:49Z ERROR The ipa-server-install command failed. See > /var/log/ipaserver-install.log for more information > > I did some research and found this is possibly related to version 4.5.0? Probably not. Run getcert-list to hopefully get more context to the error. > I have a host entry in /etc/hosts but that didn't seem to fix the > problem. Is there something else I'm missing? > > Do you know when 4.6.x will be released to epel/amazon? The usual cause for version lag in RHEL is missing dependencies. Many important changes are backported so in RHEL you can never really rely on the version. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org