[Freeipa-users] Re: Another Cert Expiration Problem

Any other advice here? I have also tried setting system back to when certificates were valid, restarting certmonger and pki-tomcatd, and running getcert resubmit on the affected certs, this moves them to a "Monitoring" status, but they still never renew when in present day or when the system is back in time. When the system is back in time to when certs are valid, if I startup certmonger in debug mode and submit the getcert resubmit, I get this: 2023-08-25 00:29:24 [106919] Certificate submission attempt complete. 2023-08-25 00:29:24 [106919] Child status = 2. 2023-08-25 00:29:24 [106919] Child output: "Server at "http://master.ipa.example.co:8080/ca/ee/ca/profileSubmit" replied: Request 1 - Server Internal Error " 2023-08-25 00:29:24 [106919] Server at "http://master.ipa.example.co:8080/ca/ee/ca/profileSubmit" replied: Request 1 - Server Internal Error 2023-08-25 00:29:24 [106919] Certificate not (yet?) issued. 2023-08-25 00:29:24 [106919] Request2('20230825040038') already had a certificate, going back to monitoring it 2023-08-25 00:29:24 [106919] Request2('20230825040038') moved to state 'MONITORING' 2023-08-25 00:29:24 [106919] Wrote to /var/lib/certmonger/requests/20230825040039 2023-08-25 00:29:24 [106919] Will revisit Request2('20230825040038') soonish. 2023-08-25 00:29:54 [106919] Will revisit Request2('20230825040038') in 41876 seconds. Digging further on this, pki-tomcat logs show an LDAP error: 2023-08-25 00:29:23 [http-nio-8080-exec-3] WARNING: Unable to update certificate request: Unable to modify LDAP record: Object class violation Unable to modify LDAP record: Object class violation at com.netscape.cmscore.dbs.LDAPSession.modify(LDAPSession.java:276) at com.netscape.cmscore.request.RequestRepository.modifyRequest(RequestRepository.java:322) at com.netscape.cmscore.request.RequestRepository.updateRequest(RequestRepository.java:290) at com.netscape.cms.servlet.cert.CertProcessor.submitRequests(CertProcessor.java:323) at com.netscape.cms.servlet.cert.EnrollmentProcessor.processEnrollment(EnrollmentProcessor.java:207) at com.netscape.cms.servlet.cert.EnrollmentProcessor.processEnrollment(EnrollmentProcessor.java:97) at com.netscape.cms.servlet.profile.ProfileSubmitServlet.processEnrollment(ProfileSubmitServlet.java:278) at com.netscape.cms.servlet.profile.ProfileSubmitServlet.process(ProfileSubmitServlet.java:131) at com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:487) at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280) at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:584) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:207) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:137) at java.base/java.security.AccessController.doPrivileged(AccessController.java:569) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:136) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:280) at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:584) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:176) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:137) at java.base/java.security.AccessController.doPrivileged(AccessController.java:569) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:136) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481) at com.netscape.cms.tomcat.ExternalAuthenticationValve.invoke(ExternalAuthenticationValve.java:83) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:833) Caused by: netscape.ldap.LDAPException: Object class violation (65); unknown object class "request" at netscape.ldap.LDAPConnection.checkMsg(Unknown Source) at netscape.ldap.LDAPConnection.modify(Unknown Source) at netscape.ldap.LDAPConnection.modify(Unknown Source) at netscape.ldap.LDAPConnection.modify(Unknown Source) at netscape.ldap.LDAPConnection.modify(Unknown Source) at com.netscape.cmscore.dbs.LDAPSession.modify(LDAPSession.java:264) ... 54 more I really have no idea where to go from here with this. Thanks in advance, Russ