Hello, Today I realized that the https certificate for my freeipa web ui has expired. I tried to renew it using: #ipa-cacert-manage renew Renewing CA certificate, please wait
CA certificate successfully renewed The ipa-cacert-manage command was successful So it seemed to went well. I tried to restart ipa but it failed: # ipactl start Starting Directory Service Starting krb5kdc Service Starting kadmin Service Starting named Service Starting ipa_memcached Service Starting httpd Service Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details. Failed to start httpd Service Shutting down What went wrong ? I'm running in a freeipa-server docker on a linux server... It is quite a big deal since I can not run my master freeipa anymore even from a backup ! Thanks. logs === # systemctl status httpd.service * httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service) Drop-In: /usr/lib/systemd/system/httpd.service.d `-abc.conf Active: failed (Result: exit-code) since Tue 2017-07-11 17:21:57 CEST; 3min 52s ago Process: 28719 ExecStopPost=/usr/bin/kdestroy -A (code=exited, status=0/SUCCESS) Process: 28717 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Process: 28716 ExecStartPre=/usr/libexec/ipa/ipa-httpd-kdcproxy (code=exited, status=0/SUCCESS) Main PID: 28717 (code=exited, status=1/FAILURE) Jul 11 17:21:56 ipa.quartzbio.com systemd[1]: Starting The Apache HTTP Server... Jul 11 17:21:56 ipa.quartzbio.com ipa-httpd-kdcproxy[28716]: ipa : INFO KDC proxy enabled Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: Failed to start The Apache HTTP Server. Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: httpd.service: Unit entered failed state. Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: httpd.service: Failed with result 'exit-code'. Jul 11 17:21:57 ipa.quartzbio.com systemd[1]: Stopped The Apache HTTP Server. and (excerpt from journalctl -xe) -- The start-up result is done. Jul 11 17:29:15 ipa.quartzbio.com polkitd[28301]: Unregistered Authentication Agent for unix-process:28918:604682378 (system bus name :1.41, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale C) (disconnected from bus) Jul 11 17:29:15 ipa.quartzbio.com polkitd[28301]: Registered Authentication Agent for unix-process:28932:604682393 (system bus na me :1.42 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale C) Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: systemd-hwdb-update.service: Cannot add dependency job, ignoring: Unit systemd-hwdb -update.service is masked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: dev-hugepages.mount: Cannot add dependency job, ignoring: Unit dev-hugepages.mount is masked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: ldconfig.service: Cannot add dependency job, ignoring: Unit ldconfig.service is mas ked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: swap.target: Cannot add dependency job, ignoring: Unit swap.target is masked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: sys-fs-fuse-connections.mount: Cannot add dependency job, ignoring: Unit sys-fs-fus e-connections.mount is masked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: local-fs.target: Cannot add dependency job, ignoring: Unit local-fs.target is maske d. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: systemd-update-done.service: Cannot add dependency job, ignoring: Unit systemd-upda te-done.service is masked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: slices.target: Cannot add dependency job, ignoring: Unit slices.target is masked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: dnf-makecache.timer: Cannot add dependency job, ignoring: Unit dnf-makecache.timer is masked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: fedora-autorelabel-mark.service: Cannot add dependency job, ignoring: Unit fedora-a utorelabel-mark.service is masked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: rpcbind.socket: Cannot add dependency job, ignoring: Unit rpcbind.socket is masked. Jul 11 17:29:15 ipa.quartzbio.com systemd[1]: Starting The Apache HTTP Server... -- Subject: Unit httpd.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit httpd.service has begun starting up. Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: checkhints: unable to get root NS rrset from cache: not found Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone 70.9.10.in-addr.arpa/IN: sending notifies (serial 1499786955) Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone 70.9.10.in-addr.arpa/IN: loaded serial 1499786955 Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone 0.17.172.in-addr.arpa/IN: sending notifies (serial 1499786955) Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone 0.17.172.in-addr.arpa/IN: loaded serial 1499786955 Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone quartzbio.com/IN: sending notifies (serial 1499786955) Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: zone quartzbio.com/IN: loaded serial 1499786955 Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: 3 master zones from LDAP instance 'ipa' loaded (3 zones defined, 0 inactive, 0 f ailed to load) Jul 11 17:29:15 ipa.quartzbio.com named-pkcs11[28910]: checkhints: unable to get root NS rrset from cache: not found Jul 11 17:29:16 ipa.quartzbio.com ns-slapd[28813]: GSSAPI client step 1 Jul 11 17:29:16 ipa.quartzbio.com ns-slapd[28813]: GSSAPI client step 1 Jul 11 17:29:16 ipa.quartzbio.com ipa-httpd-kdcproxy[28938]: ipa : INFO KDC proxy enabled Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: Failed to start The Apache HTTP Server. -- Subject: Unit httpd.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit httpd.service has failed. -- -- The result is failed. Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: httpd.service: Unit entered failed state. Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: httpd.service: Failed with result 'exit-code'. Jul 11 17:29:16 ipa.quartzbio.com polkitd[28301]: Unregistered Authentication Agent for unix-process:28932:604682393 (system bus name :1.42, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale C) (disconnected from bus) Jul 11 17:29:16 ipa.quartzbio.com polkitd[28301]: Registered Authentication Agent for unix-process:28944:604682474 (system bus na me :1.43 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale C) Jul 11 17:29:16 ipa.quartzbio.com systemd[1]: Stopping Kerberos 5 KDC... -- Subject: Unit krb5kdc.service has begun shutting down -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org