Omar Pagan via FreeIPA-users wrote:
Hello Flo,
We have three (3) servers and two of them are replicas.
From the cli:
# `ipa-getcert list` shows two certs both expired,
# `getcert list` shows 8 certs, 7 of those expired.
We are working from the CA master and trying everything we have listed above. We tried
the ipa-cert-fix too, time rolled back and everything done on the CA master, but nothing
worked.

We need to see what you are seeing in order to help. The getcert output,
the journal output after resubmitting (and failing), any related
logging, the status of the services prior to doing the resubmit and/or
ipa-cert-fix, ipa config-show output, etc.

rob

PS ipa-getcert is shorthand for getcert -c IPA which is a subset of the
certificates. It is a subset of the getcert output.
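
An added example, not part of the original messages: a small parser that groups expired certmonger requests by their `CA:` field, which shows why `ipa-getcert list` (only `CA: IPA`) reports fewer entries than `getcert list`. The sample text is constructed, and the timestamps are assumed to be printed in UTC.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the layout `getcert list` prints (not output from this thread).
SAMPLE = """Number of certificates and requests being tracked: 3.
Request ID '20200101000001':
\tstatus: CA_UNREACHABLE
\tCA: IPA
\texpires: 2022-01-01 00:00:00 UTC
Request ID '20200101000002':
\tstatus: CA_UNREACHABLE
\tCA: dogtag-ipa-ca-renew-agent
\texpires: 2022-02-01 00:00:00 UTC
Request ID '20200101000003':
\tstatus: MONITORING
\tCA: dogtag-ipa-ca-renew-agent
\texpires: 2030-01-01 00:00:00 UTC
"""

def parse_getcert(text):
    """Split `getcert list` output into one dict per tracked request."""
    records, cur = [], None
    for line in text.splitlines():
        m = re.match(r"Request ID '([^']+)':", line)
        if m:
            cur = {"id": m.group(1)}
            records.append(cur)
        elif cur is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            cur[key.strip()] = value.strip()
    return records

def is_expired(record, now):
    """True if the record has an 'expires' field earlier than now (assumed UTC)."""
    stamp = record.get("expires", "")[:19]
    if not stamp:
        return False  # request with no issued certificate yet
    when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return when < now

def expired_by_ca(text, now):
    """Map each CA helper name to the request IDs whose certificate has expired."""
    result = {}
    for rec in parse_getcert(text):
        if is_expired(rec, now):
            result.setdefault(rec.get("CA", "unknown"), []).append(rec["id"])
    return result

if __name__ == "__main__":
    print(expired_by_ca(SAMPLE, datetime.now(timezone.utc)))
```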