On Tue, Jun 14, 2016 at 11:22 AM, Rob Crittenden <rcrit...@redhat.com> wrote:
> Marc Wiatrowski wrote: > >> Hello, I'm having issues with the 3 ipa certificates of type CA: IPA >> renewing on 2 of 3 replicas. Particularly on the 2 that are not the CA >> master. The other 5 certificates from getcert list do renew and all >> certificates on the CA master do look to renew. >> >> Both servers running ipa-server-3.0.0-50.el6.centos.1.x86_64 I've done >> full updates and rebooted. >> > > Can you check on the replication status for each CA? > > $ ipa-csreplica-manage list -v ipa.example.com > > The hostname is important because including that will show the agreements > that host has. Do this for each master with a CA. > > The CA being asked to do the renewal is unaware of the current serial > number so it is refusing to proceed. > > rob > > [root@spider01o]$ ipa-csreplica-manage list -v spider01a.iglass.net Directory Manager password: spider01b.iglass.net last init status: None last init ended: None last update status: 0 Replica acquired successfully: Incremental update succeeded last update ended: 2016-06-14 17:49:16+00:00 spider01o.iglass.net last init status: None last init ended: None last update status: 0 Replica acquired successfully: Incremental update started last update ended: 2016-06-14 17:55:20+00:00 [root@spider01o]$ ipa-csreplica-manage list -v spider01o.iglass.net Directory Manager password: spider01a.iglass.net last init status: None last init ended: None last update status: 0 Replica acquired successfully: Incremental update started last update ended: 2016-06-14 17:57:44+00:00 spider01b.iglass.net last init status: None last init ended: None last update status: 0 Replica acquired successfully: Incremental update started last update ended: 2016-06-14 17:57:41+00:00 [root@spider01o]$ ipa-csreplica-manage list -v spider01b.iglass.net Directory Manager password: spider01a.iglass.net last init status: 0 Total update succeeded last init ended: 2016-06-03 19:43:12+00:00 last update status: 0 Replica acquired successfully: Incremental update succeeded last update ended: 2016-06-14 17:44:17+00:00 spider01o.iglass.net last init status: 0 Total update succeeded last init ended: 2016-06-03 19:44:38+00:00 last update status: 0 Replica acquired successfully: Incremental update started last update ended: 2016-06-14 17:57:53+00:00 spider01a.iglass.net last init status: None last init ended: None last update status: 0 Replica acquired successfully: Incremental update succeeded last update ended: 2016-06-14 17:44:13+00:00 spider01o.iglass.net last init status: None last init ended: None last update status: 0 Replica acquired successfully: Incremental update started last update ended: 2016-06-14 17:57:54+00:00 Not sure what this is telling... This an issue with the last being doubled? Thanks
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project