sorry posted the answer in a dm.
I'll post any weird stuff in it here when rob finds it

.

Op ma 21 nov. 2022 om 15:25 schreef Rob Crittenden <rcritten@redhat.com>:
Rob Verduijn via FreeIPA-users wrote:
> thanx
>
> any clues about the other errors?

It isn't a dbus issue because the other certmonger requests are working
fine. In the past this has been caused by missing expected (assumed)
entries.

Can you share the output of getcert-list and getcert list-cas?

and:

ipa-healthcheck --debug --source ipahealthcheck.ipa.certs --check
IPACertmongerCA

rob

>
> ipa-healthcheck  
> args=({'msgtype': 101, 'msgid': 3, 'result': 32, 'desc': 'No such
> object', 'ctrls': [], 'ldap_request':
> "search_ext_s(('cn=changelog5,cn=config', 0,
> '(objectClass=*)'),{'attrlist': ['nsslapd-changelogmaxentries'],
> 'serverctrls': None, '
> clientctrls': None, 'escapehatch': 'i am sure'}) on instance
> TJAKO-THUIS"},)
> [
>  {
>    "source": "ipahealthcheck.ipa.certs",
>    "check": "IPACertTracking",
>    "result": "CRITICAL",
>    "uuid": "6bab1187-3285-4059-9f92-a6e8fba54d2f",
>    "when": "20221119105634Z",
>    "duration": "0.721246",
>    "kw": {
>      "exception": "bus, object_path and dbus_interface must not be None."
>    }
>  },
>  {
>    "source": "ipahealthcheck.ipa.certs",
>    "check": "IPACertDNSSAN",
>    "result": "CRITICAL",
>    "uuid": "b13b939b-9b8d-4893-ba31-da2dd203551a",
>    "when": "20221119105635Z",
>    "duration": "0.683679",
>    "kw": {
>      "exception": "bus, object_path and dbus_interface must not be None."
>    }
>  },
>  {
>    "source": "ipahealthcheck.ipa.certs",
>    "check": "IPACertRevocation",
>    "result": "CRITICAL",
>    "uuid": "a235463c-85cd-4277-8ee8-a10a0fcc6e5c",
>    "when": "20221119105638Z",
>    "duration": "0.655251",
>    "kw": {
>      "exception": "bus, object_path and dbus_interface must not be None."
>    }
>  },
>  {
>    "source": "ipahealthcheck.ipa.files",
>    "check": "IPAFileCheck",
>    "result": "CRITICAL",
>    "uuid": "85deeb45-7e32-4f00-b2ab-a9b0484242c7",
>    "when": "20221119105639Z",
>    "duration": "0.083885",
>    "kw": {
>      "exception": "bus, object_path and dbus_interface must not be None."
>    }
>  }
> ]
>
>
>
> Op zo 20 nov. 2022 om 17:08 schreef Mark Reynolds <mareynol@redhat.com
> <mailto:mareynol@redhat.com>>:
>
>
>     On 11/20/22 10:51 AM, Rob Verduijn wrote:
>>
>>
>>     Op zo 20 nov. 2022 15:57 schreef Mark Reynolds
>>     <mareynol@redhat.com <mailto:mareynol@redhat.com>>:
>>
>>
>>         On 11/20/22 9:06 AM, Sam Morris via FreeIPA-users wrote:
>>         > On Sat, 2022-11-19 at 11:57 +0100, Rob Verduijn via
>>         FreeIPA-users
>>         > wrote:
>>         >> Hi all,
>>         >>
>>         >> I managed to get rid of another error but I still have
>>         plenty erros
>>         >> left.
>>         >>
>>         >> Any help would be apreciated.
>>         >>
>>         >> ipa-healthcheck errors remaining:
>>         >>
>>         >> ipa-healthcheck
>>         >> args=({'msgtype': 101, 'msgid': 3, 'result': 32, 'desc':
>>         'No such
>>         >> object', 'ctrls': [], 'ldap_request':
>>         >> "search_ext_s(('cn=changelog5,cn=config', 0,
>>         >> '(objectClass=*)'),{'attrlist':
>>         ['nsslapd-changelogmaxentries'],
>>         >> 'serverctrls': None,'
>>         >> clientctrls': None, 'escapehatch': 'i am sure'}) on
>>         instance TJAKO-
>>         >> THUIS"},)
>>         > Is this your server telling you that the entry
>>         cn=changelog5,cn=config
>>         > does not exist? That sounds pretty bad... try running this
>>         (change IPA-
>>         > EXAMPLE-COM to the name of your dirsrv instance):
>>         >
>>         > ldapsearch -H ldapi://%2frun%2fslapd-IPA-EXAMPLE-COM.socket
>>         -Y EXTERNAL
>>         > -b cn=changelog5,cn=config -s base
>>
>>         This is fine actually. This is a bug we are looking into.  It
>>         should not
>>         be outputting that exception.  It just checking if a backend
>>         has a
>>         changelog, not that it's expecting one.  This can be ignored.
>>
>>         Mark
>>
>>         Can you share a link to this bug?
>>
>
>     https://bugzilla.redhat.com/show_bug.cgi?id=2115254
>
>>
>>
>>
>>
>>         >
>>         >>    {
>>         >>      "source": "ipahealthcheck.ipa.certs",
>>         >>      "check": "IPACertTracking",
>>         >>      "result": "CRITICAL",
>>         >>      "uuid": "6bab1187-3285-4059-9f92-a6e8fba54d2f",
>>         >>      "when": "20221119105634Z",
>>         >>      "duration": "0.721246",
>>         >>      "kw": {
>>         >>        "exception": "bus, object_path and dbus_interface
>>         must not be
>>         >> None."
>>         >>      }
>>         >>    },
>>         > These look like D-Bus-related errors. Is certmonger started,
>>         can you
>>         > run 'getcert list'?
>>         >
>>         --
>>         Directory Server Development Team
>>
>     --
>     Directory Server Development Team
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
>