[Freeipa-users] freeipa3.0.0 can't renew certificate

[hao]

now I execute getcert list，all certificate status MONITORING,but there was an error 
ca-error: Internal error: no response to "http://ipaserver.xxx.io:9180/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=2&renewal=true&xml=true"






At 2017-03-02 11:34:10, "hao" <hrayha at 163.com> wrote:

Hi:


I have finished reading http://www.freeipa.org/page/IPA_2x_Certificate_Renewal  , before execute,I stop tracking all cert in `getcert list`
Now, only "issuer: CN=IPA RA,O=XXX.IO " certificate expires at 2018-02-28 08:14:38 UTC,other certificate still expires at 2017-02-15 06:10:36 UTC，
I execute 
"for nickname in "auditSigningCert cert-pki-ca" "ocspSigningCert cert-pki-ca" "subsystemCert cert-pki-ca" "Server-Cert cert-pki-ca"
 do
     /usr/bin/getcert start-tracking -d /var/lib/pki-ca/alias -n "${nickname}" -c dogtag-ipa-renew-agent -P xxxxxx
 done"
and all command in "http://www.freeipa.org/page/IPA_2x_Certificate_Renewal"  but still no effect
I've tried “http://www.freeipa.org/page/Certmonger” “http://www.freeipa.org/page/Howto/CA_Certificate_Renewal”  “http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master” before that，I'm not sure if there will be an error step


Please help me 


Thank you




 




【网易自营|30天无忧退货】差旅打包必备“MUJI制造商梭织布多层收纳包”，让出行更完美>>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170302/d41a474c/attachment.htm>