Hi Flo, the journalctl reports that request is rejected, error 2.
dogtag-ipa-ca-renew-agent-submit[29544]: Forwarding request to dogtag-ipa-renew-agent
dogtag-ipa-renew-agent-submit[29558]: GET
http://ca-ldap01.:8080/ca/ee/ca/profileSubmit?profil
dogtag-ipa-renew-agent-submit[29558]: <html><head><title>Apache
Tomcat/7.0.69 - Error report</title><style>
dogtag-ipa-ca-renew-agent-submit[29544]: dogtag-ipa-renew-agent returned 2
I can't find a common date where all the certificates are valid, since
""ocspSigningCert cert-pki-ca" is not valid before today.
# certutil -L -d /etc/pki/pki-tomcat/alias -n "auditSigningCert cert-pki-ca" |
egrep "Not Before|After"
Not Before: Wed Aug 24 20:49:38 2016
Not After : Tue Aug 14 20:49:38 2018
# certutil -L -d /etc/pki/pki-tomcat/alias -n "ocspSigningCert cert-pki-ca" |
egrep "Not Before|After"
Not Before: Mon Oct 22 20:15:53 2018
Not After : Sun Oct 11 20:15:53 2020
# certutil -L -d /etc/pki/pki-tomcat/alias -n "subsystemCert cert-pki-ca" |
egrep "Not Before|After"
Not Before: Wed Aug 24 20:49:36 2016
Not After : Tue Aug 14 20:49:36 2018
# certutil -L -d /etc/pki/pki-tomcat/alias -n "caSigningCert cert-pki-ca" |
egrep "Not Before|After"
Not Before: Mon Oct 22 18:15:48 2018
Not After : Fri Oct 22 18:15:48 2038
# certutil -L -d /etc/httpd/alias -n "ipaCert" | egrep "Not
Before|After"
Not Before: Wed Aug 24 20:50:00 2016
Not After : Tue Aug 14 20:50:00 2018
# certutil -L -d /etc/pki/pki-tomcat/alias -n "Server-Cert cert-pki-ca" | egrep
"Not Before|After"
Not Before: Wed Jul 18 01:47:45 2018
Not After : Tue Jul 07 01:47:45 2020