Hi guys.
According to 'ipa-healthcheck' there are lots of problems
with my IPA
...
"key": "cert-file=/var/lib/ipa/ra-agent.pem,
key-file=/var/lib/ipa/ra-agent.key,
ca-name=dogtag-ipa-ca-renew-agent,
cert-presave-command=/usr/libexec/ipa/certmonger/renew_ra_cert_pre,
cert-postsave-command=/usr/libexec/ipa/certmonger/renew_ra_cert",
"msg": "Expected certmonger tracking is missing for
{key}. Automated renewal will not happen for this certificate"
...
"key": "cert-database=/etc/pki/pki-tomcat/alias,
cert-nickname=auditSigningCert cert-pki-ca,
ca-name=dogtag-ipa-ca-renew-agent,
cert-presave-command=/usr/libexec/ipa/certmonger/stop_pkicad,
cert-postsave-command=/usr/libexec/ipa/certmonger/renew_ca_cert
\"auditSigningCert cert-pki-ca\",
template-profile=caSignedLogCert",
"msg": "Expected certmonger tracking is missing for
{key}. Automated renewal will not happen for this certificate"
...
...
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPACertDNSSAN",
"result": "ERROR",
"uuid": "1f431916-88ae-4cf0-8dd1-c55914cf3801",
"when": "20220315184602Z",
"duration": "0.178625",
"kw": {
"key": null,
"msg": "Found request id {key} but it is not
trackedby certmonger!?"
}
},
...
'ipa-restore' does not seem to fix anything there.
What happens there and more importantly, how to
troubleshoot/fix?
many thanks, L.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
