Hi Matt,
I ran into this a couple of months ago. I ended up creating the replica
without --setup-ca which first appeared to work, but then it turned out
that replication is (at least for me) broken, cf. Ticket #4807
(https://fedorahosted.org/freeipa/ticket/4807).
On Fri, 12 Dec 2014, Matt
1. Create replica ipa-1 from old-ipa-1
2. Followed procedure documented at
http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master to
make ipa-1 the node responsible for CRL generation and CA renewal
3. Prepare ipa-2 to be a replica by running 'ipa-replica-prepare
ipa-2.example.com'
