Hi all, I have a replica that, while offline due to maintenance, some certificates appear to have been auto renewed. Upon bringing the node back online the ipa-healthcheck script showed several errors that were fixed by re-initializing the replica.
However, the following errors were not fixed by reinitializing: [root@freeipa4 ~]# ipa-healthcheck --output-type human --failures-only | grep -v ipahealthcheck.ipa.idns WARNING: ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20200130170451: Request id 20200130170451 expires in 26 days WARNING: ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20200130170452: Request id 20200130170452 expires in 26 days WARNING: ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20200130170453: Request id 20200130170453 expires in 26 days WARNING: ipahealthcheck.ipa.certs.IPACertfileExpirationCheck.20200130170451: Request id 20200130170451 expires in 26 days WARNING: ipahealthcheck.ipa.certs.IPACertfileExpirationCheck.20200130170452: Request id 20200130170452 expires in 26 days WARNING: ipahealthcheck.ipa.certs.IPACertfileExpirationCheck.20200130170453: Request id 20200130170453 expires in 26 days When I try to use getcert resubmit, it shows either: freeipa4 dogtag-ipa-ca-renew-agent-submit: Updated certificate not available or freeipa4 certmonger: 2021-09-02 15:43:15 [1264] Invalid cookie: u'' Any ideas on how to get this guy healthy again? Thanks!
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
