Hi all,

/var/lib/ipa/private/httpd.key was in a status "waiting for PIN", but I did brong is back to life using "ipa-getcert resubmit -i 20200117075404 -p /var/lib/ipa/passwds/xxxx-443-RSA. All certss look fine now.

"getcert list" works, although it's a bit slow the first time (running on a Udoo x86 board with a celeron....)

Just to be shure about dbus, I restarted the entire machine; no success. :-(

Timing issue and/or casued by my rather slow Udoo board.....?

Winfried

Rob Crittenden schreef op za 25-01-2020 om 14:53 [-0500]:

Winfried de Heiden via FreeIPA-users wrote:

Hi all,

Using CentOS Linux release 8.1.1911 and the Stream repositories,

upgrading IPA fails:

(    Upgrade  ipa-server-common-4.8.0-13.module_el8.1.0+265+e1e65be4.noarch

@AppStream

    Upgraded

ipa-server-common-4.8.0-11.module_el8.1.0+253+3b90c921.noarch @@System )

Running ipa-server-upgrade manually will result in:

[Upgrading CA schema]

CA schema update complete (no changes)

[Verifying that CA audit signing cert has 2 year validity]

[Update certmonger certificate renewal configuration]

Introspect error on :1.417:/org/fedorahosted/certmonger:

dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did

not receive a reply. Possible causes include: the remote application did

not send a reply, the message bus security policy blocked the reply, the

reply timeout expired, or the network connection was broken.

I assume certmonger and dbus services are running?

Does `getcert list` work?

The dbus service sometimes isn't too fond of being restarted but you

could try that.

rob