mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
cf4c2c64b0
For detailed discussion on the purpose of this change and the design decisions made, see `git log -1 $THIS_COMMIT~3`. If the HTTP certificate does not have the ipa-ca.$DOMAIN dNSName, resubmit the certificate request to add the name. This action is performed after the tracking request has already been updated. Note: due to https://pagure.io/certmonger/issue/143, the resubmitted request, if it does not immediately succeed (fairly likely during ipa-server-upgrade) and if the notAfter date of the current cert is still far off (also likely), then Certmonger will wait 7 days before trying again (unless restarted). There is not much we can do about that in the middle of ipa-server-upgrade. Part of: https://pagure.io/freeipa/issue/8186 Reviewed-By: Rob Crittenden <rcritten@redhat.com>