Hi Florence,
Thank you so much for your reply.
I have some questions regarding your instructions.
1. ipactl start --ignore-service-failures doesn't work, it leaves most services
down and I must use systemctl to bring them up.
# sudo ipactl restart --ignore-service-failures
IPA version error: data needs to be upgraded (expected version
'4.6.6-11.el7.centos', current version '4.6.5-11.el7.centos.4')
Automatically running upgrade, for details see /var/log/ipaupgrade.log
Be patient, this may take a few minutes.
Automatic upgrade failed: Update complete
Upgrading the configuration of the IPA services
[Verifying that root certificate is published]
[Migrate CRL publish directory]
CRL tree already moved
[Verifying that CA proxy configuration is correct]
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command
ipa-server-upgrade manually.
CA did not start in 300.0s
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more
information
See the upgrade log for more details and/or run /usr/sbin/ipa-server-upgrade
again
Stopping ipa-dnskeysyncd Service
Stopping ods-enforcerd Service
Stopping ipa-ods-exporter Service
Stopping ipa-otpd Service
Stopping pki-tomcatd Service
Stopping ntpd Service
Stopping ipa-custodia Service
Stopping httpd Service
Stopping named Service
Stopping kadmin Service
Stopping krb5kdc Service
Stopping Directory Service
Aborting ipactl
then I have to start manually using the systemctl command I put before.
Also is there a way to use ipactl to start manually a specified service?
2. what procedure should I use to get a ssl.crt?
# find /{etc,home,opt,root,tmp,usr,var} -type f -iname ssl.crt
#
I think I was using the wrong letsencrypt-freeipa I was using the one here
https://github.com/antevens/letsencrypt-freeipa but now I see there's another
here https://github.com/freeipa/freeipa-letsencrypt with more recent updates.
How do I "replace" them?
Many thanks!!
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
