Hi all, Came around to post the definite fix for my problem, don't know if it will help anyone since it was all a mess. As mentioned previously:
> There's the expected "slapd-DOMAIN-IO" but I also have a > "try_ca_renew-slapd-DOMAIN-IO" dir dated from 8 of June that resembles a > copy of "slapd-DOMAIN-IO" so I was wondering if between one and other maybe > copying some files would work? So I did this, then the error that I got on pki-tomcat/ca/debug was the old message of peer certificate expired. So since I had already reverted to self signed certificates I issued ipa-cert-fix command, failed. [root@main ~]# ipa-cert-fix Failed to get Server-Cert The ipa-cert-fix command failed. Then I tried the 'ipa-cacert-manage renew' command which completed successfully. [root@main ~]# ipa-cacert-manage renew Renewing CA certificate, please wait CA certificate successfully renewed The ipa-cacert-manage command was successful And then all ipa services were able to start correctly (finally able to leave out both the --skip-version-check and --ignore-service-failure): [root@main ~]# ipactl restart IPA version error: data needs to be upgraded (expected version '4.6.6-11.el7.centos', current version '4.6.5-11.el7.centos.4') Automatically running upgrade, for details see /var/log/ipaupgrade.log Be patient, this may take a few minutes. Restarting Directory Service Restarting krb5kdc Service Restarting kadmin Service Restarting named Service Restarting httpd Service Restarting ipa-custodia Service Restarting ntpd Service Restarting pki-tomcatd Service Restarting ipa-otpd Service Restarting ipa-ods-exporter Service Restarting ipa-dnskeysyncd Service ipa: INFO: The ipactl command was successful _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
