On 11/28/19 1:58 PM, Natxo Asenjo via FreeIPA-users wrote:
On Thu, Nov 28, 2019 at 10:58 AM Florence Blanc-Renaud <flo@redhat.com mailto:flo@redhat.com> wrote:
please first make a backup of the files. Copy the ra-agent.pem from the working kdc to the broken kdc, then restart ipa and check if certmonger is able to renew the other certificates. The key file probably didn't change (the renewal uses the same key) so I don't think you need to copy this file.so, this worked ;-), en now ipactl status shows everything is running.
After re-submitting a couple of certificate requests, everything is back to normal.
Great! Thanks for the update. flo
Thanks Florence, for your assistance. I have learnt a lot too with this blog of your colleague Fraser Tweedale: https://frasertweedale.github.io/blog-redhat/posts/2018-11-20-ca-renewal-mas...
Regards, Natxo -- Groeten, natxo
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...