IPA: kdc.crt certificate not getting automatically renewed by certmonger in IPA server promoted as Hidden replica
Issue
- IPA: kdc.crt certificate not getting automatically renewed by certmonger in IPA server promoted as Hidden replica
# getcert list -f /var/kerberos/krb5kdc/kdc.crt
Number of certificates and requests being tracked: 9.
Request ID '20240531070303':
ca-error: Server at https://ipaserver.example.test/ipa/json denied our request, giving up: 2100 (Insufficient access: Host 'ipaserver.example.test' is not an active KDC).
- Manual renewal of /var/kerberos/krb5kdc/kdc.crt is failing with the same error.
# getcert resubmit -f /var/kerberos/krb5kdc/kdc.crt
Environment
- Red Hat Enterprise Linux 8
- IPA 4.x