I somehow destroyed my primary IPA server's Server-Cert in
/etc/httpd/alias. I don't understand how or why it happened, all I know is
that I went to restart Apache and it was gone. Apache won't start, of
course, because the cert is missing. I can't issue a new cert on the
primary because Apache is down. I tried using the secondary, but it fails
saying that it can't connect to the web server on the primary (it's the
same error message I get when I try to issue a cert from the primary). I
can't figure out how to tell ipa-getcert et al. to talk to the secondary
and not the primary. I'm not using DNS for service discovery, so I'm not
sure how the various tools figure out where things are.
This is all on CentOS 6.5 with IPA 3.0.0-37.
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project