Back around Nov/Dec when RHEL 8.3 release, I was hit with the update issue regarding
fapolicy. Fortunatly only my IPA1 was impacted, though at the time it was my CA and CRL
master. As part of recovery I migrated CA and CRL to IPA2, which is where it still
resides. I built a new IPA1 and configured it as a replica.
This also seems to coincide with when the CRL ceases to be updated with newly revoked
certs.
So I wonder if I messed something up in that process