[Freeipa-users] ACIerrors is httpd log
Rob Crittenden
rcritten at redhat.com
Mon Nov 28 19:39:50 UTC 2016
Jim Richard wrote:
> Honestly I’m not even sure if something is not working correctly :)
>
> All I know is that my httpd, access and krb5 logs are filling up all my
> disk space extremely quickly and I have no idea why.
>
> Centos 6.8 + IPA 3.0
>
> One master and one replica.
>
> Are these things related?
>
> How do I fix, where do I even start?
>
> Thanks !
>
> On the replica the httpd log is constantly getting spammed with:
>
> [Thu Nov 24 05:55:18 2016] [error] ipa: INFO:
> host/phoenix-153.nym1.placeiq.net at PLACEIQ.NET:
> cert_request(u’actual cert removed
.. , add=True): ACIError
>
> and on the master the access log is filling up quickly with:
>
> 10.1.41.110 - - [24/Nov/2016:06:09:54 +0000] "POST
> /ca/agent/ca/displayBySerial HTTP/1.1" 200 10106
Looks like certmonger trying to renew the per-client SSL certificate.
You can confirm by pulling out the CSR and poking at it with openssl req.
On the client you can try running: ipa-getcert list
This may show more details on why the request was rejected.
rob
More information about the Freeipa-users
mailing list