Christof Schulze wrote:
> Hello all,
> 
> i am running a FreeIPA server on CentOS for 2 years now with mostly
> Ubuntu 12.04 and some Fedora 20 clients.
> 
> Since one week (or more) it is not possible any more to install new
> clients (whether ubuntu nor fedora). The Host gets created on the
> IPA-server but it can not create/exchange a Host-Certificate.
> 
> The only thing happened (except regular updates) was a complete
> certificate renewal with no obvious problems some weeks ago.
> 
> Web-interface and certmonger show the same error.
> 
> ipa-getcert list on the new Hosts:
>       status: CA_UNREACHABLE
>       ca-error: Server failed request, will retry: 4301 (RPC failed at
> server.  Certificate operation cannot be completed: FAILURE (Invalid
> Request)).
>       stuck: yes

Given the timeline I'd guess that your CA subsystem certificates have
expired.

On the IPA master run: getcert list (not ipa-getcert)

This will show the current status of things.

What version of IPA is this?

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to