ipa-replica-install fails with the error "RuntimeError: Certificate issuance failed (CA_UNREACHABLE)"

Solution In Progress - Updated -

Issue

ipa-replica-install fails. When checking /var/log/ipareplica-install.log for more details, you see the following errors:

2018-04-03T14:53:49Z DEBUG certmonger request is in state dbus.String(u'NEWLY_ADDED_READING_KEYINFO', variant_level=1)
2018-04-03T14:53:54Z DEBUG certmonger request is in state dbus.String(u'CA_UNREACHABLE', variant_level=1)
2018-04-03T14:53:54Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dsinstance.py", line 824, in __enable_ssl
    post_command=cmd)
  File "/usr/lib/python2.7/site-packages/ipalib/install/certmonger.py", line 317, in request_and_wait_for_cert
    raise RuntimeError("Certificate issuance failed ({})".format(state))
RuntimeError: Certificate issuance failed (CA_UNREACHABLE)

2018-04-03T14:53:54Z DEBUG   [error] RuntimeError: Certificate issuance failed (CA_UNREACHABLE)

...
  File "/usr/lib/python2.7/site-packages/ipalib/install/certmonger.py", line 317, in request_and_wait_for_cert
    raise RuntimeError("Certificate issuance failed ({})".format(state))

2018-04-03T14:53:54Z DEBUG The ipa-replica-install command failed, exception: RuntimeError: Certificate issuance failed (CA_UNREACHABLE)
2018-04-03T14:53:54Z ERROR Certificate issuance failed (CA_UNREACHABLE)
2018-04-03T14:53:54Z ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information

Environment

  • IDM

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content