Hi,
I have a production server that was not maintained and I see that the HTTP
certificate has expired long ago. I tried to renew it but I'm not being agle to
get it right.
The initial status was:
Request ID '20191219011208':
status: NEWLY_ADDED_NEED_KEYINFO_READ_PIN
stuck: yes
key pair storage: type=FILE,location='/var/lib/ipa/private/httpd.key'
certificate: type=FILE,location='/var/lib/ipa/certs/httpd.crt'
Then following this thread
https://lists.fedorahosted.org/archives/list/[email protected]/message/GLFHCL2DW4LD2GQTTAZRYSXUGQQXD67Q/
I got it to this state:
Request ID '20191219011208':
status: MONITORING
ca-error: Server at https://dc1.tnu.com.uy/ipa/xml failed request, will
retry: -504 (HTTP POST to URL 'https://XXXX/ipa/xml' failed. libcurl failed
even to execute the HTTP transaction, explaining: SSL certificate problem:
certificate has expired).
stuck: no
key pair storage:
type=FILE,location='/var/lib/ipa/private/httpd.key',pinfile='/var/lib/ipa/passwds/XXXXX-443-RSA'
certificate: type=FILE,location='/var/lib/ipa/certs/httpd.crt'
The post indicates that I have to put an old date in the server to get it
renewed, but as the server is in production, it means that all clients will
fail to log to the server. Evenmore, what time should I return to, before the
certificate expiration or right after?
Thanks in advance
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
