(Last mail wasn't sent to mailing list - bad settings of my mail client, sorry for that).
So, replication is working and there is indeed a new certificate for IPA RA. Can this be from the renewal cycle on ldap1. But isn't this some kind of chicken-egg-problem now? Apparently ldap2 cannot talk to the CA and as a consequence I cannot query certificate contents on ldap2. getcert resubmit puts me back in the status of CA_WORKING. Would adding it manually to the database in /etc/httpd/alias work? Or can I put in some other place to make the "dogtag-ipa-ca-renew-agent" aware of the new certificate? _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure