As an administrator, I want to be able to enable/disable and configure the ACME service on a deployment wide basis, so that configuration is consistent across the topology at all times.
Currently ipa-acme-manage must be run separately on each CA replica to configure the ACME service.
ipa-acme-manage
Run an IPA command e.g. ipa acme-config-mod --enabled=1. That modifies an entry in LDAP, and the changes get replicated. The ACME service on each CA replica observes the change and reconfigures itself accordingly.
ipa acme-config-mod --enabled=1
Relevant section of design document: https://www.freeipa.org/page/V4/ACME#Replicated_configuration
Closing as duplicate of #8524 Deploy & manage the ACME service topology wide from a single system
Metadata Update from @frenaud: - Issue close_status updated to: duplicate - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.