[Freeipa-users] getcert list status: NEED_CA issue

Few days ago my Master CA was messed up and getcert list was showing empty list (no cert to track) So i run following command to add certs manually: getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'ocspSigningCert cert-pki-ca' -P XXXXXXX getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'auditSigningCert cert-pki-ca' -P XXXXXXX getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'subsystemCert cert-pki-ca' -P XXXXXXX getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'Godaddy' -P XXXXXXX getcert start-tracking -d /etc/pki/pki-tomcat/alias -n 'Godaddy Intermediate' -P XXXXXXX And after that i am seeing this status (status: NEED_CA ) it should be MONITORING right? # getcert list Number of certificates and requests being tracked: 12. Request ID '20190915042927': status: NEED_CA stuck: yes key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB' issuer: CN=Certificate Authority,O=example.com subject: CN=Certificate Authority,O=example.com expires: 2037-01-05 14:47:24 UTC key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign pre-save command: post-save command: track: yes auto-renew: yes Request ID '20190915043150': status: NEED_CA stuck: yes key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alaas',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB' issuer: CN=Certificate Authority,O=example.com subject: CN=ldap-example-5-1.foo.example.com,O=example.com expires: 2020-11-17 18:30:29 UTC key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment eku: id-kp-serverAuth,id-kp-clientAuth pre-save command: post-save command: track: yes auto-renew: yes Request ID '20190915043212': status: NEED_CA stuck: yes key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin set certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB' issuer: CN=Certificate Authority,O=example.com subject: CN=OCSP Subsystem,O=example.com expires: 2020-11-17 18:31:26 UTC eku: id-kp-OCSPSigning pre-save command: post-save command: track: yes auto-renew: yes