Yavor Marinov via FreeIPA-users wrote:
> Hello all,
>
> I'm using FreeIPA 4.12 on AlmaLinux and since my certificates will
> expire soon on 18th of March, I had to check and renew them. But
> upon trying I saw that all tracked certificates are reporting that they
> couldn't connect to server. Further checking I've found that
> [email protected] is not running and the error which the
> service produces looks like this:
>
> Feb 24 14:01:22 login.example.net pki-server[1243031]: ERROR: Error reading file '/usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml': failed to load external entity "/usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml"
> Feb 24 14:01:22 login.example.net pki-server[1243031]: Traceback (most recent call last):
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/pkiserver.py", line 41, in <module>
> Feb 24 14:01:22 login.example.net pki-server[1243031]: cli.execute(sys.argv)
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/cli/__init__.py", line 144, in execute
> Feb 24 14:01:22 login.example.net pki-server[1243031]: super().execute(args)
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/cli/__init__.py", line 217, in execute
> Feb 24 14:01:22 login.example.net pki-server[1243031]: module.execute(module_args)
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/cli/migrate.py", line 98, in execute
> Feb 24 14:01:22 login.example.net pki-server[1243031]: instance.init()
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/instance.py", line 1124, in init
> Feb 24 14:01:22 login.example.net pki-server[1243031]: super().init()
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/__init__.py", line 380, in init
> Feb 24 14:01:22 login.example.net pki-server[1243031]: self.enable_subsystems()
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/__init__.py", line 1256, in enable_subsystems
> Feb 24 14:01:22 login.example.net pki-server[1243031]: subsystem.enable()
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/subsystem.py", line 685, in enable
> Feb 24 14:01:22 login.example.net pki-server[1243031]: self.instance.deploy_webapp(
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "/usr/lib/python3.9/site-packages/pki/server/__init__.py", line 1011, in deploy_webapp
> Feb 24 14:01:22 login.example.net pki-server[1243031]: document = etree.parse(descriptor, parser)
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/etree.pyx", line 3521, in lxml.etree.parse
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 1862, in lxml.etree._parseDocument
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 1888, in lxml.etree._parseDocumentFromURL
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 1792, in lxml.etree._parseDocFromFile
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 1180, in lxml.etree._BaseParser._parseDocFromFile
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 618, in lxml.etree._ParserContext._handleParseResultDoc
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 728, in lxml.etree._handleParseResult
> Feb 24 14:01:22 login.example.net pki-server[1243031]: File "src/lxml/parser.pxi", line 655, in lxml.etree._raiseParseError
> Feb 24 14:01:22 login.example.net pki-server[1243031]: OSError: Error reading file '/usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml': failed to load external entity "/usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml"
>
> Any help will be much appreciated as I have to upgrade the certificates
> within a month.

Did someone try to enable a standalone OCSP service?

Does /var/lib/pki/pki-tomcat/ocsp exist? What's in it?

rob
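
The check asked for in the reply above, generalized to the other subsystem names, as an added example (not part of the original thread and not Dogtag's own code): a read-only script that lists subsystem directories under the instance directory that have no matching webapp descriptor under /usr/share/pki, using the path pattern from the error message. Assumptions: the subsystem names other than ocsp, the function name, and that a leftover subsystem directory is what makes pki-server try to deploy that webapp at startup.

```python
import os

# Only "ocsp" appears in the thread; the other Dogtag subsystem names are
# listed here as an assumption so the same check covers them too.
SUBSYSTEMS = ("ca", "kra", "ocsp", "tks", "tps")


def find_orphaned_subsystems(instance_dir="/var/lib/pki/pki-tomcat",
                             share_dir="/usr/share/pki"):
    """Return (name, entries, descriptor) for each subsystem directory that
    exists in the instance but whose webapp descriptor file is missing."""
    orphans = []
    for name in SUBSYSTEMS:
        subsystem_dir = os.path.join(instance_dir, name)
        if not os.path.isdir(subsystem_dir):
            continue  # subsystem not present in this instance
        # Same layout as the path in the error:
        # /usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml
        descriptor = os.path.join(share_dir, name, "conf", "Catalina",
                                  "localhost", name + ".xml")
        if os.path.isfile(descriptor):
            continue  # descriptor is installed, nothing to report
        try:
            entries = sorted(os.listdir(subsystem_dir))
        except PermissionError:
            entries = None  # directory exists but is unreadable; run as root
        orphans.append((name, entries, descriptor))
    return orphans


if __name__ == "__main__":
    found = find_orphaned_subsystems()
    if not found:
        print("every subsystem directory has its descriptor")
    for name, entries, descriptor in found:
        print(f"{name}: directory exists, descriptor missing: {descriptor}")
        print(f"  contents: {entries if entries is not None else 'unreadable'}")
```

An entry for ocsp in the output answers both questions in the reply: the directory exists, and its contents are listed.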
