#10288 centos-cert is unable to retrieve TLS certificate
Closed: Fixed with Explanation 2 years ago by mohanboddu. Opened 2 years ago by pjgeorg.

Trying to get a TLS certificate using centos-cert -u %user% fails:

[+] 20211021-15:01 centos-cert -> Validating user [pjgeorg] with realm [FEDORAPROJECT.ORG] against https://fasjson.fedoraproject.org
[+] 20211021-15:01 centos-cert -> We can reach [https://fasjson.fedoraproject.org] with realm [pjgeorg@FEDORAPROJECT.ORG], so now asking for TLS cert ...
Generating CSR...
Uploading CSR for signature...
Error: could not sign the CSR (400: Failed to authenticate to CA REST API, {'message': 'Failed to authenticate to CA REST API', 'code': 4016, 'source': 'RPC'}).
[+] 20211021-15:01 centos-cert -> [ISSUE] : Unable to retrieve TLS cert

centos-cert is using fasjson-client to retrieve the TLS certificate which fails:

fasjson-client --verbose --url https://fasjson.fedoraproject.org get-cert -u pjgeorg -p $HOME/.centos-pjgeorg.key -s $HOME/.centos-pjgeorg.crt

pki-tomcatd@pki-tomcat.service was not running on ipa01.iad2.fedoraproject.org.

It seems to have failed to restart the last time it was restarted:

Oct 14 22:07:57 ipa01.iad2.fedoraproject.org systemd[1]: pki-tomcatd@pki-tomcat.service: Start-post operation timed out. Stopping.
Oct 14 22:07:57 ipa01.iad2.fedoraproject.org systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'timeout'.
Oct 14 22:07:57 ipa01.iad2.fedoraproject.org systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.

I restarted it and it started up fine. It might have been when we had our DNS-caused outage on the 14th...

So, it should be working now, can you retry and confirm?
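The diagnosis above came from spotting systemd's failure summary for the CA service in the journal. As an added example (not part of the original ticket or of any Fedora tooling), this is one way to pull such failures out of journal text; the function name and the `unit_prefix` parameter are hypothetical, and the sample input reuses the three journal lines quoted in the ticket.

```python
import re

# Journal lines quoted in the ticket, reused here as sample input.
SAMPLE_JOURNAL = """\
Oct 14 22:07:57 ipa01.iad2.fedoraproject.org systemd[1]: pki-tomcatd@pki-tomcat.service: Start-post operation timed out. Stopping.
Oct 14 22:07:57 ipa01.iad2.fedoraproject.org systemd[1]: pki-tomcatd@pki-tomcat.service: Failed with result 'timeout'.
Oct 14 22:07:57 ipa01.iad2.fedoraproject.org systemd[1]: Failed to start PKI Tomcat Server pki-tomcat.
"""

# syslog-style prefix: "<Mon DD HH:MM:SS> <host> systemd[<pid>]: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssystemd\[\d+\]:\s(?P<msg>.*)$"
)
# systemd's per-unit failure summary: "<unit>: Failed with result '<result>'."
FAILED_RE = re.compile(
    r"^(?P<unit>\S+\.service): Failed with result '(?P<result>[^']+)'\.$"
)


def find_unit_failures(journal_text, unit_prefix="pki-tomcatd@"):
    """Return (timestamp, host, unit, result) for each failure of a matching unit.

    unit_prefix is a hypothetical parameter; its default matches the unit
    named in the ticket.
    """
    failures = []
    for line in journal_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a systemd line, or a wrapped/truncated one
        f = FAILED_RE.match(m.group("msg"))
        if f and f.group("unit").startswith(unit_prefix):
            failures.append(
                (m.group("ts"), m.group("host"), f.group("unit"), f.group("result"))
            )
    return failures


if __name__ == "__main__":
    for ts, host, unit, result in find_unit_failures(SAMPLE_JOURNAL):
        print(f"{host}: {unit} failed with result '{result}' at {ts}")
```

A failure reported here only says the unit did not start at that time; whether it is still down has to be confirmed on the host itself.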

This is fixed now. If the problem still persists, please reopen the ticket.

Metadata Update from @mohanboddu:
- Issue close_status updated to: Fixed with Explanation
- Issue status updated to: Closed (was: Open)

2 years ago

Now happened to me as well:

$ centos-cert -u yedidyah
[+] 20220110-11:44 centos-cert -> Validating user [yedidyah] with realm C against https://fasjson.fedoraproject.org
[+] 20220110-11:44 centos-cert -> We can reach [https://fasjson.fedoraproject.org] with realm [yedidyah@FEDORAPROJECT.ORG], so now asking for TLS cert ...
Generating CSR...
Uploading CSR for signature...
Error: could not sign the CSR (400: Failed to authenticate to CA REST API, {'message': 'Failed to authenticate to CA REST API', 'code': 4016, 'source': 'RPC'}).
[+] 20220110-11:44 centos-cert -> [ISSUE] : Unable to retrieve TLS cert

Should I reopen? Create a new issue? Something else? Thanks!

Can you file a new ticket about that? The service is running fine, so it's something else in your case.

I'm getting the same issue as well.
