[Freeipa-users] Re: certmonger (back in time) renewal is onyl 50% successful

Hi Rob, when certmonger fails to renew a cert, and PKI is running, it fails and dogtag-ipa-ca-renew-agent-submit shows the message : ACIError: Insufficient access: Invalid credentials Aug 10 01:04:34 ca-ldap01 certmonger[8834]: 2018-08-10 01:04:34 [8834] Internal error I hope to troubleshoot this, so insufficient access to where? Again, PKI is running, with no TLS, and this command returns "HTTP/1.1 200 OK" # SSL_DIR=/etc/httpd/alias/ curl -v -o /dev/null --cacert /etc/ipa/ca.crt https://`hostname`:8443/ca/agent/ca/profileReview