[Freeipa-users] Failed to remove host (Some entries were not deleted)
Rob Crittenden
rcritten at redhat.com
Tue Nov 26 13:58:03 UTC 2013
Andrew Lau wrote:
> Hi,
>
> I've got an issue where I can't seem to remove a host from my freeipa
> install. It gives me an error:
>
> Certificate operation cannot be completed: EXCEPTION (Certificate serial
> number 0xfff0006 not found)
>
> I thought it might be a replica issue, so I forced sync and also tried
> re-initializing the replica but no luck.
>
> Any suggestions?

Deleting a host does a number of additional things:

- revokes the certificate for the host if it exists
- deletes the services for that host, revoking their certificates as needed

So in this case the host has a certificate associated with it and
revocation is failing because the CA doesn't have a record of this
certificate.

If you can be sure that the certificate is not in the IPA CA you can
clear the value with:

# ipa host-mod --certificate= test.example.com

This passes an empty value to --certificate which results in removing
the value. Then you should be able to delete the host.

rob