[Freeipa-users] ACIerrors is httpd log
Jim Richard
jrichard at placeiq.com
Fri Dec 2 01:32:50 UTC 2016
I think I know what the issue is.
I had 2 IPA servers, both with CA’s
I dropped one and rebuilt without the CA but a bunch of clients are still pointing at this one server that now is without a CA.
Will rebuild that one with a CA and almost sure that will fix.
<http://www.placeiq.com/> <http://www.placeiq.com/> <http://www.placeiq.com/> Jim Richard <https://twitter.com/placeiq> <https://twitter.com/placeiq> <https://twitter.com/placeiq> <https://www.facebook.com/PlaceIQ> <https://www.facebook.com/PlaceIQ> <https://www.linkedin.com/company/placeiq> <https://www.linkedin.com/company/placeiq>
SYSTEM ADMINISTRATOR III
(646) 338-8905
<http://placeiq.com/2016/10/26/the-making-of-a-location-data-industry-milestone/>
> On Nov 28, 2016, at 2:39 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>
> Jim Richard wrote:
>> Honestly Im not even sure if something is not working correctly :)
>>
>> All I know is that my httpd, access and krb5 logs are filling up all my
>> disk space extremely quickly and I have no idea why.
>>
>> Centos 6.8 + IPA 3.0
>>
>> One master and one replica.
>>
>> Are these things related?
>>
>> How do I fix, where do I even start?
>>
>> Thanks !
>>
>> On the replica the httpd log is constantly getting spammed with:
>>
>> [Thu Nov 24 05:55:18 2016] [error] ipa: INFO:
>> host/phoenix-153.nym1.placeiq.net at PLACEIQ.NET:
>> cert_request(uactual cert removed
> .. , add=True): ACIError
>>
>> and on the master the access log is filling up quickly with:
>>
>> 10.1.41.110 - - [24/Nov/2016:06:09:54 +0000] "POST
>> /ca/agent/ca/displayBySerial HTTP/1.1" 200 10106
>
> Looks like certmonger trying to renew the per-client SSL certificate.
> You can confirm by pulling out the CSR and poking at it with openssl req.
>
> On the client you can try running: ipa-getcert list
>
> This may show more details on why the request was rejected.
>
> rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161201/cb8c1243/attachment.htm>
More information about the Freeipa-users
mailing list