Azim Siddiqui wrote: > ipa-cert-fix command is not working on the Freeipa master server. > > The FreeIpa version on the master server is - VERSION: 4.2.0 > And on the replica server is - VERSION: 4.6.8
Please keep responses on the list. Oh geez, RHEL 7.2. Man that is ancient. You'll need to stop ntpd/chronyd if they are running and use the date command to go back in time to when all the certificates are valid. Then run ipactl restart If all the services start ok and you can validate that things seem to be working back in time (ipa user-show admin, ipa cert-show 1) then restart the certmonger service and sit back and wait. It can take a bit to renew everything. You can follow along by occasionally running getcert list. Once everything is in MONITORING you can return to present time, restart ntpd/chronyd and run ipactl restart again. Then you need to focus on bringing these systems up-to-date. RHEL, and therefore CentOS, 7 is EOL and 7.2 particularly so. You should have more than one system running a CA too. You currently have a single-point-of-failure. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
