Thank you!

It resolved itself before I got a chance to try resubmitting the ID's. :-)

On Mon, Sep 13, 2021 at 9:17 AM Rob Crittenden <rcritten@redhat.com> wrote:
Russell Jones via FreeIPA-users wrote:
> Hi all,
>
> I am not sure what to do with these below errors. Are they related to my
> failed replica that I rebuilt and resynced, and as a result can be
> ignored? All the current certificates seem to be healthy.

According to ipa-healthcheck they will be healthy for the next 27 days.

These messages are a heads-up that renewal is imminent and if you don't
see it happen then you may need to take some manual action to figure out
why, so you don't end up in a world of hurt.

You could pick one and run getcert resubmit -i <id> to see if it gets a
new certificate.

journalctl -u certmonger will tell you what certmonger is doing.

rob

>
> Thanks for the insight!
>
>
> WARNING:
> ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20191010160502:
> Request id 20191010160502 expires in 27 days
> WARNING:
> ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20191010160533:
> Request id 20191010160533 expires in 27 days
> WARNING:
> ipahealthcheck.ipa.certs.IPACertmongerExpirationCheck.20191010160542:
> Request id 20191010160542 expires in 27 days
> WARNING:
> ipahealthcheck.ipa.certs.IPACertfileExpirationCheck.20191010160502:
> Request id 20191010160502 expires in 27 days
> WARNING:
> ipahealthcheck.ipa.certs.IPACertfileExpirationCheck.20191010160533:
> Request id 20191010160533 expires in 27 days
> WARNING:
> ipahealthcheck.ipa.certs.IPACertfileExpirationCheck.20191010160542:
> Request id 20191010160542 expires in 27 days
>
>
> [root@freeipa ~]# getcert list | grep -i status
>         status: MONITORING
>         status: MONITORING
>         status: MONITORING
>         status: MONITORING
>         status: MONITORING
>         status: MONITORING
>         status: MONITORING
>         status: MONITORING
>         status: MONITORING
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
>