Hello all, I'm using FreeIPA 4.12 on AlmaLinux and since my certificates will expire soon on 18st of March, I had to check and renew them. But upon trying I saw that all tracked certificates are reporting that they couldn't connect to server. Further checking I've found that [email protected] is not running and the error which the service produces looking like this:
Feb 24 14:01:22 login.example.net pki-server[1243031]: ERROR: Error reading file '/usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml': failed to load external entity "/usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml" Feb 24 14:01:22 login.example.net pki-server[1243031]: Traceback (most recent call last): Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line 41, in <module> Feb 24 14:01:22 login.example.net pki-server[1243031]: cli.execute(sys.argv) Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line 144, in execute Feb 24 14:01:22 login.example.net pki-server[1243031]: super().execute(args) Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217, in execute Feb 24 14:01:22 login.example.net pki-server[1243031]: module.execute(module_args) Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/cli/migrate.py", line 98, in execute Feb 24 14:01:22 login.example.net pki-server[1243031]: instance.init() Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/instance.py", line 1124, in init Feb 24 14:01:22 login.example.net pki-server[1243031]: super().init() Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/__init__.py", line 380, in init Feb 24 14:01:22 login.example.net pki-server[1243031]: self.enable_subsystems() Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/__init__.py", line 1256, in enable_subsystems Feb 24 14:01:22 login.example.net pki-server[1243031]: subsystem.enable() Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/subsystem.py", line 685, in enable Feb 24 14:01:22 login.example.net pki-server[1243031]: self.instance.deploy_webapp( Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/__init__.py", line 1011, in deploy_webapp Feb 24 14:01:22 login.example.net pki-server[1243031]: document = etree.parse(descriptor, parser) Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/etree.pyx", line 3521, in lxml.etree.parse Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 1862, in lxml.etree._parseDocument Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 1888, in lxml.etree._parseDocumentFromURL Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 1792, in lxml.etree._parseDocFromFile Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 1180, in lxml.etree._BaseParser._parseDocFromFile Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 618, in lxml.etree._ParserContext._handleParseResultDoc Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 728, in lxml.etree._handleParseResult Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 655, in lxml.etree._raiseParseError Feb 24 14:01:22 login.example.net pki-server[1243031]: OSError: Error reading file '/usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml': failed to load external entity "/usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml" Any help will be much appreciated as I have to upgrade the certificates within a month. Thank you advance
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
