Hi All, Trying to install a replica for an already running ipa-server but it fails.
IPA Main server is already running and properly configured. I'm trying to setup the second server and replicate with the main server. This is the command what i'm using: ipa-replica-install --principal admin --admin-password 'password' --setup-ca --setup-dns --auto-forwarders --server ipa-server.domain.local --domain domain.local Everything is going well until this: Done configuring kadmin. Configuring directory server (dirsrv) [1/3]: configuring TLS for DS instance [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE) Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Certificate issuance failed (CA_UNREACHABLE) ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information The getcert list command is getting this; Number of certificates and requests being tracked: 1. Request ID '20180905101554': status: CA_UNREACHABLE ca-error: Server at https://ipa-server2.domain.local/ipa/xml failed request, will retry: -504 (libcurl failed to execute the HTTP POST transaction, explaining: Failed connect to ipa-server2.domain.local:443; Connection refused). [ipa-server2] # netstat -lnp | grep 443 - is not getting anything back. httpd server is running by listening 80 port only. [root@host user]# ipa --version VERSION: 4.5.4, API_VERSION: 2.228 cat /etc/os-release NAME="CentOS Linux" VERSION="7 (Core)" How can i make the replica working? _______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org