On 11/28/19 1:58 PM, Natxo Asenjo via FreeIPA-users wrote:
On Thu, Nov 28, 2019 at 10:58 AM Florence Blanc-Renaud <f...@redhat.com
<mailto:f...@redhat.com>> wrote:
please first make a backup of the files. Copy the ra-agent.pem from the
working kdc to the broken kdc, then restart ipa and check if certmonger
is able to renew the other certificates.
The key file probably didn't change (the renewal uses the same key)
so I
don't think you need to copy this file.
so, this worked ;-), en now ipactl status shows everything is running.
After re-submitting a couple of certificate requests, everything is back
to normal.
Great! Thanks for the update.
flo
Thanks Florence, for your assistance. I have learnt a lot too with this
blog of your colleague Fraser Tweedale:
https://frasertweedale.github.io/blog-redhat/posts/2018-11-20-ca-renewal-master.html
Regards,
Natxo
--
Groeten,
natxo
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org