Andrew Lau wrote:

I've got an issue where I can't seem to remove a host from my freeipa
install. It gives me an error:

Certificate operation cannot be completed: EXCEPTION (Certificate serial
number 0xfff0006 not found)

I thought it might be a replica issue, so I forced sync and also tried
re-initializing the replica but no luck.

Any suggestions?

Deleting a host does a number of additional things:
- revokes the certificate for the host if it exists
- deletes the services for that host, revoking their certificates as needed

So in this case the host has a certificate associated with it and revocation is failing because the CA doesn't have a record of this certificate.

If you can be sure that the certificate is not in the IPA CA you can clear the value with:

# ipa host-mod --certificate=

This passes an empty value to --certificate which results in removing the value. Then you should be able to delete the host.


Freeipa-users mailing list
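The reply's condition ("if you can be sure that the certificate is not in the IPA CA") can be checked before clearing the attribute. The following is an added example, not part of the original thread or of FreeIPA itself. The function names and the host name in the usage comment are hypothetical, and it assumes an admin Kerberos ticket and that a missing serial is reported with "not found" in the `ipa cert-show` output, as in the error quoted above.

```shell
#!/bin/sh
# Added example: only clear the host's certificate value when the CA
# positively reports that the serial does not exist.

# ca_cert_state SERIAL -> prints "present", "missing" or "unknown"
ca_cert_state() {
    serial=$1
    if out=$(ipa cert-show "$serial" 2>&1); then
        echo present
    else
        case $out in
            # Assumption: wording matches the error quoted in the thread.
            *"not found"*) echo missing ;;
            # CA unreachable, expired ticket, etc.: do not guess.
            *) echo unknown ;;
        esac
    fi
}

# remove_orphaned_host HOST SERIAL
# Returns 0 on success, 1 if an ipa command failed,
# 2 if the CA knows the certificate, 3 if the CA state is unclear.
remove_orphaned_host() {
    host=$1
    serial=$2
    state=$(ca_cert_state "$serial")
    case $state in
        missing)
            # Empty value removes the certificate, then the host can be deleted.
            ipa host-mod "$host" --certificate= || return 1
            ipa host-del "$host" || return 1
            ;;
        present)
            echo "serial $serial is in the CA; delete the host normally so it is revoked" >&2
            return 2
            ;;
        *)
            echo "cannot determine CA state for $serial; nothing changed" >&2
            return 3
            ;;
    esac
}

# Usage (constructed host name, serial from the error in the thread):
#   remove_orphaned_host host1.example.test 0xfff0006
```

Refusing in the "present" case matters because clearing the value first would skip revocation of a certificate the CA still considers valid.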