Hello Juan,
Juan Pablo Lorier via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
You are right, there are several certificates stuck in dc2:
getcert list
...
Request ID '20221130160320': status: NEWLY_ADDED_NEED_KEYINFO_READ_PIN
My google-fu point to that comment in an issue: https://github.com/freeipa/freeipa-healthcheck/issues/123#issuecomment-65996... That has the commands to fix the issue.
Another possibility should be to stop-tracking the certificates and run ipa-server-upgrade which should restore the trackings. Right?
Jochen