Restarting ipa didnt create the logs. Please, what else can i do?
On Mon, Mar 4, 2019 at 8:47 PM Sina Owolabi <[email protected]> wrote: > > Hi! > > getcert list | grep -i expires > expires: 2019-04-13 12:08:20 UTC > expires: 2019-04-13 12:08:06 UTC > expires: 2019-04-13 12:07:50 UTC > expires: 2035-06-01 08:33:01 UTC > expires: 2019-04-13 12:07:41 UTC > expires: 2019-04-13 12:06:55 UTC > expires: 2019-05-05 12:06:41 UTC > expires: 2019-05-05 12:06:56 UTC > expires: 2020-01-17 19:56:03 UTC > > I didnt find a /var/log/pki/pki-tomcat/ca/debug directory, but I am > creating one and running "ipactl restart". > > On Mon, Mar 4, 2019 at 8:10 PM Rob Crittenden <[email protected]> wrote: > > > > Sina Owolabi via FreeIPA-users wrote: > > > Hi! > > > > > > I am running a small IPA domain (CentOS 7 servers, ipa version 4.5.4, > > > api version 2.228), with one master, and two replicas, and I noticed > > > that pki-tomcatd no longer works on the master, after attempting a > > > reboot. > > > pki-tomcatd works fine on the slaves. > > > I noticed if I try to run IPA functions (dns record removal, hosts > > > management, user passwords, etc), I receive responses like this: > > > > > > ipa: ERROR: Certificate operation cannot be completed: Unable to > > > communicate with CMS (Internal Server Error) > > > But on the replicas, functions work fine. > > > Please can someone guide me on how to fix this? > > > > The CA log is in /var/log/pki/pki-tomcat/ca/debug. That may have some > > pointers. I'd look at selftests.log first. > > > > My guess is that some of the CA certificates have failed to renew. > > > > getcert list | grep -i expires > > > > rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
