You could turn the clock back, remove the agreements, renew the certs to a future date, shutdown, reset the clock and renew again to get up and running. Make sure you’re doing it while the system is offline to prevent NTP. Also: make sure you don’t run in to this again by making regular recovery points (backups, snapshots, periodic master updates). I’m assuming this is a recovery action from total loss of everything? If not: don’t bother with that image, install a fresh master instead.
John
On 26 Sep 2019, at 23:59, Randy Morgan via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
I have a two year image of one of my IPA servers that I am trying to bring live. Unfortunately all of the certs except the CA are expired. I have attempted to follow the instructions for updating the certs, but it has failed to update them. After careful and extensive digging, I have found that the issue is two replication agreements from other IPA servers that have since been rebuilt. Because of the expired certs I can't login to the web UI, so I can't terminate the agreements that way, and the IPA commands fail. Is there a way to terminate these agreements manually by removing the references to the two servers?
Randy Morgan
-- Randy Morgan CSR Department of Chemistry/BioChemistry Brigham Young University _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...