Jeremy Tourville via FreeIPA-users wrote:
I recently updated my system. I am now at version 4.9.11. After the update I noticed the following output from healthcheck.
# ipa-healthcheck ra.get_certificate(): Request failed with status 404: Non-2xx response from CA REST API: 404. Certificate ID 0x6f0000001f2421fafd6722322500000000001f not found (404) [ { "source": "ipahealthcheck.dogtag.ca", "check": "DogtagCertsConnectivityCheck", "result": "ERROR", "uuid": "8a663c7d-77f9-4739-8029-c401b113fa5e", "when": "20231003134004Z", "duration": "0.093615", "kw": { "key": "cert_show_1", "error": "Certificate operation cannot be completed: Request failed with status 404: Non-2xx response from CA REST API: 404. Certificate ID 0x6f0000001f2421fafd6722322500000000001f not found (404)", "serial": "2475382717198593230277736537855912919378690079", "msg": "Serial number not found: {error}" } },
Is this an externally-signed CA? There was a bug in healthcheck that didn't take this case into account. What version of healthcheck do you have?
{ "source": "ipahealthcheck.ipa.certs", "check": "IPACertTracking", "result": "WARNING", "uuid": "3c183bb0-bffc-403a-9899-a59a4d29750b", "when": "20231003134009Z", "duration": "1.819175", "kw": { "key": "20230901185953", "msg": "certmonger tracking request {key} found and is not expected on an IPA master." } } ]
You need to see what this tracking request is. It may be perfectly valid for your setup, it just isn't an expected cert: getcert list -i "20230901185953",
rob