[Freeipa-users] Re: Why is ipa-ods-exporter broken after running ipa-dns-install? (Was - Unable to start directory server after updates)

/var/lib/ipa/certs/httpd.crt looks valid and has a 3 year validity date starting from Nov 23, 2020 /etc/ipa/ca.crt looks valid and has a 20 year validity date starting from Nov 23, 2020 From: Florence Renaud Sent: Tuesday, September 7, 2021 11:38 AM To: Jeremy

[Freeipa-users] Re: dogtag-ipa-ca-renew-agent-submit: Updated certificate not available

Thanks! I compared between a working one and this and the output looked the same. I did not see anything obvious. Instead of continuing to spin my wheels I decided to go the route of just blowing the whole replica away and recreating it - Problem solved! :-) On Thu, Sep 2, 2021 at 4:47 PM Rob

[Freeipa-users] Re: Why is ipa-ods-exporter broken after running ipa-dns-install? (Was - Unable to start directory server after updates)

Hi Jeremy, to enable debugging you can simply create /etc/ipa/server.conf if the file does not exist: # cat /etc/ipa/server.conf [global] debug=True # systemctl restart httpd The HTTPd certificate is stored in /var/lib/ipa/certs/httpd.crt, you can examine its content with # openssl x509 -noout

[Freeipa-users] Re: Why is ipa-ods-exporter broken after running ipa-dns-install? (Was - Unable to start directory server after updates)

Disregard this part >>>Also, I don't see a server.conf file at /etc/ipa so that I may enable >>>debugging. What can you suggest for this issue? The file is /etc/ipa/default.conf. I should have looked before replying. I have uploaded the httpd error_log to pastebin for review.

[Freeipa-users] Re: Why is ipa-ods-exporter broken after running ipa-dns-install? (Was - Unable to start directory server after updates)

I think I see the issue but I am unsure what to do to fix it. See below. To answer your question, yes I did accept the security exception. Also, I don't see a server.conf file at /etc/ipa so that I may enable debugging. What can you suggest for this issue? [root@utility ~]# ipactl status

[Freeipa-users] Re: Why is ipa-ods-exporter broken after running ipa-dns-install? (Was - Unable to start directory server after updates)

Hi Jeremy, Did you accept the security exception displayed by the browser (I'm trying to eliminate obvious issues)? If nothing is displayed, can you check if ipa command-line is working as expected (for instance do "kinit admin; ipa config-show")? You may want to enable debug logs (add debug=True

[Freeipa-users] Re: Why is ipa-ods-exporter broken after running ipa-dns-install? (Was - Unable to start directory server after updates)

OK, Why don't I see anything on the initial login page? All I see is the URL and the fact that the certificate is not trusted. The certificate is not expired yet. Not until Nov 2021. The login in page is mostly solid white with no login or password field.

[Freeipa-users] Re: Why is ipa-ods-exporter broken after running ipa-dns-install? (Was - Unable to start directory server after updates)

Hi, ipa-ods-exporter is a socket-activated service, and ipactl status may show it as STOPPED. That's not an issue (and you can see the status of ipactl as successful) as the socket is still listening on events and will wake the service on demand. If it is started manually without the appropriate