Thanks!
On Sun, Dec 22, 2019 at 11:13 AM Florence Blanc-Renaud <f...@redhat.com>
wrote:
> 4. On the other replicas, check that the certificate has been properly
> installed in the NSS database /etc/httpd/alias/ or in
> /var/lib/ipa/ra-agent.pem.
> If it's not the case, you can manually install the cert or call getcert
> resubmit -i <ID of the tracking for RA agent>
> Make sure that the request completed successfully with
> $ getcert list -i <ID>
> (the status must be: MONITORING)
>
> The ID can be found with:
> getcert list -f /var/lib/ipa/ra-agent.pem
> or
> getcert list -n ipaCert
>
So on my renewal master, this was the cert:
$ sudo getcert list -i 20180929065626
Number of certificates and requests being tracked: 9.
Request ID '20180929065626':
but on the broken replica:
$ sudo getcert resubmit -i 20180929065626
No request found with specified nickname.
However, copying the file over worked. Thanks!
Hopefully, this now will be googleable, although I'd humbly suggest that
this could be documented somewhere? (and it would be brilliant if the
ipa-healthcheck output pointed to it).
Cheers,
Álex
--
___
{~._.~}
( Y )
()~*~() mail: alex at corcoles dot net
(_)-(_) http://alex.corcoles.net/
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
