Hi Sam, Thanks for the insight. I've deployed all IPA servers via freeipa ansible collection, all of them defined as CAs. I've fixed the issue for now but in a slightly different way (before your reply): mv /var/lib/ipa/private/httpd.key ./ mv /var/lib/ipa/certs/httpd.crt ./ ipa-getcert request -f /var/lib/ipa/certs/httpd.crt -k /var/lib/ipa/private/httpd.key -p /var/lib/ipa/passwds/`hostname`-443-RSA -D `hostname` -D ipa-ca.tensor-tech.io -C /usr/libexec/ipa/certmonger/restart_httpd -K HTTP/`hostname` -v -w
then remove the existing tracking if getting an error (Error org.fedorahosted.certmonger.duplicate: Certificate at same location is already used by request with nickname "20211122074844".) and re-run the above getcert request: ipa-getcert stop-tracking --id 20211122074844 Thanks again for helping out! Andrei _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure