I have had this exact error trying to create a replica. Rob's advice on the httpd log levels was very helpful (thank you!). The httpd logs showed this:

ipa: DEBUG: request GET https://ipa.ipconfigure.com:443/ca/rest/account/login ipa: DEBUG: request body '' AH01972: could not resolve address of OCSP responder ipc-ca.ipconfigure.com AH02039: Certificate Verification: Error (50): application verification failure

I don't remember having a DNS record for the CA (ipc-ca) separate from my primary FreeIPA server's hostname (newipa), but evidently I lost that DNS record somewhere along the way. After creating/restoring the DNS record for the CA, ipa-replica-install completes without error.