Christof Schulze wrote:
> Hello all,
> i am running a FreeIPA server on CentOS for 2 years now with mostly
> Ubuntu 12.04 and some Fedora 20 clients.
> Since one week (or more) it is not possible any more to install new
> clients (whether ubuntu nor fedora). The Host gets created on the
> IPA-server but it can not create/exchange a Host-Certificate.
> The only thing happened (except regular updates) was a complete
> certificate renewal with no obvious problems some weeks ago.
> Web-interface and certmonger show the same error.
> ipa-getcert list on the new Hosts:
> status: CA_UNREACHABLE
> ca-error: Server failed request, will retry: 4301 (RPC failed at
> server. Certificate operation cannot be completed: FAILURE (Invalid
> stuck: yes
Given the timeline I'd guess that your CA subsystem certificates have
On the IPA master run: getcert list (not ipa-getcert)
This will show the current status of things.
What version of IPA is this?
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project