Certificate renewal every time the role runs for IPA #294

@smirta

Dear all,

I don't know if this is dependent on the version of FreeIPA or Red Hat IdM but we were facing the issue that with

certificate/README.md

Lines 381 to 391 in dd1fa0c

---
- hosts: webserver
  vars:
    certificate_requests:
      - name: mycert
        dns: www.example.com
        principal: HTTP/www.example.com@EXAMPLE.COM
        ca: ipa
  roles:
    - linux-system-roles.certificate

certificates were renewed every time the role ran. We found out that key_size needs to be set to prevent that. After we set this, the certificates only get renewed when they are, for whatever reason, no longer valid or some properties changed.

Since I'm not sure whether that is dependent on the version of FreeIPA, I'm not sure if the README needs adjustment or just a note that setting key_size might be required. Maybe extending the test cases would also be useful.

Kind regards,
Simon
