Louis Lagendijk wrote: > On Mon, 2019-08-05 at 11:55 -0400, Rob Crittenden wrote: >> >>> that failed (as in the submission went ok, but the cert did not get >>> renewed) >> >> You need to check which host is the renewal master and go back in >> time >> on that one. >> > That was it: when I changed date on the other server and retried it > still did not work until I realized that the other tomcat certificate > was already renewed and I went back in time too far, so that > certificate was not yet valid. I picked a point in time between that > date and the expiry of the problem certificate and now renewal worked. > My ipa is back on its feet again. Thanks for the help
Sure thing, glad you got it working! If you look back in the journal on the renewal master you will hopefully see certmonger attempting to renew the certs. That might hold some clues as to why the renewal wasn't completely automatically. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
