Bogdan Stoica via FreeIPA-users wrote:
> These steps worked for me after trying pretty much everything.
>
> My FreeIPA cert has expired, I have initially used ipa-cert-fix, then
> ipa-certupdate. It worked for like 2-3 days then stopped working.
>
> After doing the getcert resubmit -i “certid” and restarting IPA, everything
> started working again.
>
> OS: RockyLinux 8.10
> OpenSSL version: openssl-1.1.1k-12.el8_9.x86_64
>
> Tried to downgrade OpenSSL (previously it was openssl-1.1.1k-16.el8_9.x86_64)
> but that didn’t work
>
I'm glad you got it working.

As a shortcut you can also resubmit using path options, like

getcert resubmit -f /var/kerberos/krb5kdc/kdc.crt

I like including the -vw flags. v will give status as the cert processes through the renewal and w will wait until the request is done, either pass or fail.

It seems unusual that after ipa-cert-fix the cert only worked for a couple of days but I'm not sure what we could do to troubleshoot that now. I guess I'm glad it's working.

You might want to double-check the Not after date of the certificate to be sure it isn't going to expire again soon. Just in case.

rob
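The Not after check suggested in the reply can be run across every request certmonger tracks by parsing `getcert list`. The script below is an added example, not part of the original thread or of FreeIPA's tooling; `flag_tracked_certs`, `sample_getcert_list`, the sample request IDs and dates are constructed for illustration, and it assumes the `expires:` lines are in UTC as in the sample.

```shell
#!/bin/sh
# Added example. Reads `getcert list` output on stdin and prints one
# tab-separated line (id, reason, expires, cert path) per request that is
# not in MONITORING state or that expires before the cutoff given in $1.
# $1 format: "YYYY-MM-DD HH:MM:SS"; assumes `expires:` lines are in UTC.
flag_tracked_certs() {
    awk -v cutoff="$1" -v q="'" '
        function report(   reason) {
            if (id == "") return
            if (status != "MONITORING") reason = "status=" status
            else if ((expires "") < (cutoff "")) reason = "expires-before-cutoff"
            if (reason != "") printf "%s\t%s\t%s\t%s\n", id, reason, expires, cert
        }
        $1 == "Request" && $2 == "ID" {
            report()                       # emit the previous request, if any
            id = $3; gsub(q, "", id); sub(/:$/, "", id)
            status = expires = cert = ""
            next
        }
        $1 == "status:"  { status = $2 }
        $1 == "expires:" { expires = $2 " " $3 }   # ISO timestamps sort as strings
        $1 == "certificate:" && match($0, "location=" q "[^" q "]*" q) {
            cert = substr($0, RSTART + 10, RLENGTH - 11)
        }
        END { report() }
    '
}

# Constructed sample in the layout `getcert list` prints (trimmed fields).
sample_getcert_list() {
    cat <<'EOF'
Number of certificates and requests being tracked: 3.
Request ID '20240105101522':
    status: MONITORING
    certificate: type=FILE,location='/var/kerberos/krb5kdc/kdc.crt'
    expires: 2025-01-10 09:12:33 UTC
Request ID '20240105101530':
    status: MONITORING
    certificate: type=FILE,location='/var/lib/ipa/certs/httpd.crt'
    expires: 2026-01-05 10:15:30 UTC
Request ID '20240105101541':
    status: CA_UNREACHABLE
    certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
    expires: 2026-01-05 10:15:41 UTC
EOF
}

# Live use (GNU date): getcert list | flag_tracked_certs "$(date -u -d '+30 days' '+%Y-%m-%d %H:%M:%S')"
sample_getcert_list | flag_tracked_certs "2025-02-01 00:00:00"
```

Each flagged line carries the certificate path, which can be passed to `getcert resubmit -f` with `-v -w` as described in the reply.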
