[Freeipa-users] IPA Error 401 certificate not found
Rob Crittenden
rcritten at redhat.com
Tue Aug 14 18:54:07 UTC 2012
James Hogarth wrote:
> Hi all,
>
> I was adding and removing the same hosts and a fairly high rate from
> IPA and I've managed to get myself into an odd situation...
>
> On trying to delete or unprovision one of the hosts I'm getting IPA
> error 401: Certificate operation cannot be completed: EXCEPTION
> (Certificate serial number 0x2fff0009 not found)
>
> I suspect I've hit a replication conflict...
>
> Has anyone encountered this before or know a way to resolve it cleanly?
>
I assume you've got multiple dogtag instances? I'd start there. Use
ipa-csreplica-manage --force-sync to be sure all of the updates have
gone out. That may unblock something.
This may be something to open a ticket on, perhaps adding a --force.
When you delete a host it tries to delete all its services. When a
service is deleted any certificate associated with it is revoked. Once
those are all done the host's cert is revoke.
If any of these revocations fail then the delete fails hard.
rob
More information about the Freeipa-users
mailing list