Bryan Fang via FreeIPA-users wrote: > Hi folks, > hope you are doing well, in case of dealing with domain level 0, when run > ipa-replica-install, i have to provide gpg file as one of parameters, and > cannot use --dirsrv-cert-file etc. together with gpg file > 'You cannot specify any of --dirsrv-cert-file, --http-cert-file, or > --pkinit-cert-file together with replica file' > as your suggestion I run ipa-client-install firstly, all certificates should > be placed correctly, then when I run ipa-replica-install file.gpg -d, then > get below error message > ipapython.admintool: DEBUG The ipa-replica-install command failed, > exception: ScriptError: IPA client is already configured on this system. > Please uninstall it first before configuring the replica, using > 'ipa-client-install --uninstall'. > ipapython.admintool: ERROR IPA client is already configured on this system. > > but certificate issue if I uninstall ipa-client, how to solve this issue? > thanks in advance!
It's hard to help with older installs when you don't provide any version or OS information. DL0 doesn't allow for client promotion to replica. Is there a reason you're not upgrading to DL1? Information on how the server is installed would be helpful. It sure sounds like you replaced some certificates with externally-signed ones but still have an IPA CA, is that correct? rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
