Alex Corcoles via FreeIPA-users wrote:
> Hi,
>
> I've been running ipa-healthcheck for a while and this morning I started
> to get a few failures:
>
> {
> "source": "ipahealthcheck.ipa.certs",
> "kw": {
> "msg": "Request id 20180929065627 expires in 27 days",
> "expiration_date": "20200104123511Z",
> "days": 27,
> "key": "20180929065627"
> },
> "uuid": "02af62dc-ac2c-48a6-951f-884e119be9a7",
> "duration": "0.046374",
> "when": "20191208113322Z",
> "check": "IPACertmongerExpirationCheck",
> "result": "WARNING"
> },
> {
> "source": "ipahealthcheck.ipa.certs",
> "kw": {
> "msg": "Request id 20180929065620 expires in 27 days",
> "expiration_date": "20200104123511Z",
> "days": 27,
> "key": "20180929065620"
> },
> "uuid": "ce377ee1-6f8a-4921-9c33-01c6d82e91ff",
> "duration": "0.148693",
> "when": "20191208113323Z",
> "check": "IPACertfileExpirationCheck",
> "result": "WARNING"
> },
>
> I get a pair of these for a couple of certs. Should WARNING results be
> ignored (because those should be renewed automatically, perhaps?)? I was
> running --failures-only, but perhaps I should run --severity
> CRITICAL,ERROR for monitoring?
These are there so you are aware that an expiration event is coming up.
Just keep an eye on it, it should resolve itself when certmonger thinks
its time. This is reported as a heads-up and a just-in-case-certmonger
falls over (or if you have no CA renewal manager, for example).
rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
