Jim Richard wrote: > Honestly Im not even sure if something is not working correctly :) > > All I know is that my httpd, access and krb5 logs are filling up all my > disk space extremely quickly and I have no idea why. > > Centos 6.8 + IPA 3.0 > > One master and one replica. > > Are these things related? > > How do I fix, where do I even start? > > Thanks ! > > On the replica the httpd log is constantly getting spammed with: > > [Thu Nov 24 05:55:18 2016] [error] ipa: INFO: > host/phoenix-153.nym1.placeiq....@placeiq.net: > cert_request(uactual cert removed .. , add=True): ACIError > > and on the master the access log is filling up quickly with: > > 10.1.41.110 - - [24/Nov/2016:06:09:54 +0000] "POST > /ca/agent/ca/displayBySerial HTTP/1.1" 200 10106
Looks like certmonger trying to renew the per-client SSL certificate. You can confirm by pulling out the CSR and poking at it with openssl req. On the client you can try running: ipa-getcert list This may show more details on why the request was rejected. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project