Bryan Fang via FreeIPA-users wrote:
Hi folks, hope you are doing well.
When dealing with domain level 0, when I run ipa-replica-install I have to provide the gpg file as one of the parameters, and cannot use --dirsrv-cert-file etc. together with the gpg file:
'You cannot specify any of --dirsrv-cert-file, --http-cert-file, or --pkinit-cert-file together with replica file'
As you suggested, I run ipa-client-install first, and all certificates should be placed correctly. Then when I run ipa-replica-install file.gpg -d, I get the error message below:
ipapython.admintool: DEBUG The ipa-replica-install command failed, exception: ScriptError: IPA client is already configured on this system. Please uninstall it first before configuring the replica, using 'ipa-client-install --uninstall'.
ipapython.admintool: ERROR IPA client is already configured on this system.
But there is a certificate issue if I uninstall ipa-client. How can I solve this issue? Thanks in advance!
It's hard to help with older installs when you don't provide any version or OS information.
DL0 doesn't allow for client promotion to replica.
Is there a reason you're not upgrading to DL1?
Information on how the server is installed would be helpful. It sure sounds like you replaced some certificates with externally-signed ones but still have an IPA CA, is that correct?
rob