Thanks Jochen,
I tried following the post but the getcert command is complaining about the syntax and I can’t find why. According to man page, the parameters are right.
I also tried to remove the certs and run spa-server-upgrade but it generates new certs and fails at the same point (new certs are also pending pin information) It looks like I will need a way to unstuck those certs for the upgrade to continue. All suggestions are Wellcome :-) Regards
El 1 dic. 2022, a las 01:30, Jochen Kellner jochen@jochen.org escribió:
Hello Juan,
Juan Pablo Lorier via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
You are right, there are several certificates stuck in dc2:
getcert list
...
Request ID '20221130160320': status: NEWLY_ADDED_NEED_KEYINFO_READ_PIN
My google-fu point to that comment in an issue: https://github.com/freeipa/freeipa-healthcheck/issues/123#issuecomment-65996... That has the commands to fix the issue.
Another possibility should be to stop-tracking the certificates and run ipa-server-upgrade which should restore the trackings. Right?
Jochen
-- This space is intentionally left blank.