Hi all,
I have a replica that, while offline due to maintenance, some certificates
appear to have been auto renewed. Upon bringing the node back online the
ipa-healthcheck script showed several errors that were fixed by
re-initializing the replica.
However, the following errors were not fixed by reinitializing:
[root@freeipa4 ~]# ipa-healthcheck --output-type human --failures-only |
grep -v ipahealthcheck.ipa.idns
WARNING:
ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20200130170451:
Request id 20200130170451 expires in 26 days
WARNING:
ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20200130170452:
Request id 20200130170452 expires in 26 days
WARNING:
ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20200130170453:
Request id 20200130170453 expires in 26 days
WARNING:
ipahealthcheck.ipa.certs.IPACertfileExpirationCheck.20200130170451: Request
id 20200130170451 expires in 26 days
WARNING:
ipahealthcheck.ipa.certs.IPACertfileExpirationCheck.20200130170452: Request
id 20200130170452 expires in 26 days
WARNING:
ipahealthcheck.ipa.certs.IPACertfileExpirationCheck.20200130170453: Request
id 20200130170453 expires in 26 days
When I try to use getcert resubmit, it shows either:
freeipa4 dogtag-ipa-ca-renew-agent-submit: Updated certificate not available
or
freeipa4 certmonger: 2021-09-02 15:43:15 [1264] Invalid cookie: u''
Any ideas on how to get this guy healthy again?
Thanks!