28 Nov
2019
28 Nov
'19
6:58 a.m.
On Thu, Nov 28, 2019 at 10:58 AM Florence Blanc-Renaud flo@redhat.com wrote:
please first make a backup of the files. Copy the ra-agent.pem from the working kdc to the broken kdc, then restart ipa and check if certmonger is able to renew the other certificates. The key file probably didn't change (the renewal uses the same key) so I don't think you need to copy this file.
so, this worked ;-), en now ipactl status shows everything is running.
After re-submitting a couple of certificate requests, everything is back to normal.
Thanks Florence, for your assistance. I have learnt a lot too with this blog of your colleague Fraser Tweedale: https://frasertweedale.github.io/blog-redhat/posts/2018-11-20-ca-renewal-mas...
Regards, Natxo -- Groeten, natxo