Gah, regarding Missing tracking for {'cert-nickname': 'Server-Cert', 'ca-name': 'IPA', 'cert-database': '/etc/httpd/alias', 'cert-postsave-command': '/usr/libexec/ipa/certmonger/restart_httpd'}
never mind. The cert is in the verbose output you sent! It is fine and issued by IPA. So this looks like the tracking is simply missing. Can you run: # ipa-getcert list You should have two certs, one for Apache tracking /etc/httpd/alias and one for LDAP tracking /etc/dirsrv/slapd-REALM If you have one for Apache can you provide the output of the list command? If you don't then you can re-create it (this doesn't touch the certs themselves) via: # ipa-getcert start-tracking -d /etc/httpd/alias -n Server-Cert -C /usr/libexec/ipa/certmonger/restart_httpd rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org