OK, did the whole song and dance again (btw, it takes about 6m, I'm not sure if that's normal), and extracted logs again:

https://gist.github.com/alexpdp7/358626a92a07c787fbf246b2761dddb3

Thanks for your time, guys,

Álex

On Tue, Nov 6, 2018 at 5:17 PM Rob Crittenden <rcritten@redhat.com> wrote:
Alex Corcoles via FreeIPA-users wrote:
> So I solved my LXC problems (thanks Rob, again), but now:
>
> ipa-replica-install -U --setup-ca -N
>
> fails when rebuilding my replica from scratch, see:
>
> https://gist.github.com/alexpdp7/4431da5e11afe6029e2baa01bc1f2251
>
> , where I think I've copied the relevant logs. I think I saw someone
> recommending revoking the replica certs, which makes sense as I'm using
> the same hostname that I used on the previous replica, but that doesn't
> seem to fix things.
>
> (I'm removing the previous replica via the admin interface, IPA Server
> -> Topology -> IPA Servers, select my replica and "Delete Server". This
> removes it too from the host list).

I don't know what it is but it isn't related to existing entries in IPA
(nor un-revoked certs).

The dogtag installer is asking for a serial # range and getting a
NotFound. Maybe Fraser knows.

rob


--
   ___
 {~._.~}
  ( Y )
 ()~*~()  mail: alex at corcoles dot net