On Mon, 2022-06-20 at 22:06 -0400, Ranbir via FreeIPA-users wrote:
I've run it now a few times with the same result. Which one of the myriad of logs should I check to maybe understand why this is happening?
I fixed it.
I used to have a second internal DNS domain that I used with the same ipa domain. The server I was requesting the cert on has the same short name, but is now in the first dns domain. The old server with the same short name and secondary DNS domain was still hanging around in the list of hosts. I deleted it, requested the cert again using the exact same command and now I can see the "dns" line in the cert's details. Firefox stopped complaining, too.
ok bye.