Thank you! That did it. I had to delete the old cert from cn=certificates,cn=ipa,cn=etc. Then I had to edit /etc/ipa/ca.crt on the IPA CA renewal master and remove the expired cert. Then I ran ipa-certupdate. Then I was able to confirm that running openssl x509 -inform pem -enddate -noout -in /etc/ipa/ca.crt gave me the expected endDate of 2020.
Then I did the same on all other IPA servers. And then finally had to run ipactl restart and all the WebUIs became accessible again. Now I'll run ipa-certupdate on all remaining systems. Thanks again for your help!
