Scott Stevson via FreeIPA-users wrote:
Hi all,
We run IPA 3.0.0 and have a cert on the CA master expiring in about 10 days. The problem
is that we mistakenly provisioned the last cert using an old hostname, which means that
automatically renewing the cert fails, and the IPA cert checks we run fail with...
ca-error: Server at "http://correct.hostname:9180/ca/ee/ca/profileSubmit"
replied: 1: Server Internal Error.
I also get a Java NPE error when curling that endpoint.
Is it possible to zero out the existing cert and resubmit it with the correct hostname?
This is a production environment supporting several thousand hosts which means I want to
test whatever solution I come up with. We have a few staging environments but they're
all configured correctly, so I'm wondering if we can intentionally put one into a
similar bad state and revert it.
Happy to provide clarifying information if I'm not making sense here.

Yeah, more details are needed. What cert is provisioned with an old
hostname and how did someone manage to do that?
What does the CA debug log say when it is failing?
rob