John Michelle via FreeIPA-users wrote: > I would upgrade my ipa server ( i ve 6 instance ) , from 4.9.13-12 to > 4.9.13-20 > > 2025-10-18T06:16:00Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > 2025-10-18T06:16:00Z DEBUG request POST > http://XXXXX:8080/ca/admin/ca/getStatus > 2025-10-18T06:16:00Z DEBUG request body '' > 2025-10-18T06:16:00Z DEBUG httplib request failed: > Traceback (most recent call last): > File "/usr/lib/python3.6/site-packages/ipapython/dogtag.py", line 271, in > _httplib_request > conn.request(method, path, body=request_body, headers=headers) > File "/usr/lib64/python3.6/http/client.py", line 1273, in request > self._send_request(method, url, body, headers, encode_chunked) > File "/usr/lib64/python3.6/http/client.py", line 1319, in _send_request > self.endheaders(body, encode_chunked=encode_chunked) > File "/usr/lib64/python3.6/http/client.py", line 1268, in endheaders > self._send_output(message_body, encode_chunked=encode_chunked) > File "/usr/lib64/python3.6/http/client.py", line 1044, in _send_output > self.send(msg) > File "/usr/lib64/python3.6/http/client.py", line 982, in send > self.connect() > File "/usr/lib64/python3.6/http/client.py", line 954, in connect > (self.host,self.port), self.timeout, self.source_address) > File "/usr/lib64/python3.6/socket.py", line 724, in create_connection > raise err > File "/usr/lib64/python3.6/socket.py", line 713, in create_connection > sock.connect(sa) > ConnectionRefusedError: [Errno 111] Connection refused > 2025-10-18T06:16:00Z DEBUG Failed to check CA status: cannot connect to > 'http://XXXXX:8080/ca/admin/ca/getStatus': [Errno 111] Connection refused > 2025-10-18T06:16:00Z DEBUG Loading StateFile from > '/var/lib/ipa/sysrestore/sysrestore.state' > 2025-10-18T06:16:00Z DEBUG Loading Index file from > '/var/lib/ipa/sysrestore/sysrestore.index' > 2025-10-18T06:16:00Z DEBUG Ensuring that service pki-tomcatd@pki-tomcat is > not running while the next set of commands is being executed. > 2025-10-18T06:16:00Z DEBUG Starting external process > > The port is open , and firewalld is disabled > > ss -lntp | egrep ':8080|:8443' > LISTEN 0 100 *:8080 *:* > users:(("java",pid=2183,fd=90)) > > > LISTEN 0 100 *:8443 *:* > users:(("java",pid=2183,fd=93)) > > and the service is running >
tomcat the service is different from dogtag PKI running. tomcat is a webapp runner and the CA is a webapp. This means that tomcat started but the CA did not. You'll need to look into the CA debug log to see if there is anything, /var/log/pki/pki-tomcat/ca/debug-date.log You'll want to start at the bottom of the file, seek up to find where the startup begins, then move down. It may well be that the CA took too long to start and it timed out. rob -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
