luckydog xf via FreeIPA-users wrote: > This is resolved by " > > ---- > getcert modify-ca -c dogtag-ipa-ca-renew-agent -e > '/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit -N' > ---- > and start-tracking.... > > The reason is that once certmonger renews a certificate, it would use old > certificate request information to geneate a new one. But the old one may not > work out. > > -N tells certmonger to discard the old stuff and just create a new one.
It tells certmonger to use a CSR and not rely on the dogtag renew-by-serial number capability. This is the default since 4.8.1. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
