Hi Rob, so in "/etc/dirsrv/slapd-ITEC-LAB/dse.ldif", nsslapd-port was '0' and nsslapd-security was off, I fixed it and now it's listening on port 389 and 636:
# netstat -tulpn | grep LISTEN | grep ns-slapd tcp6 0 0 :::636 :::* LISTEN 30606/ns-slapd tcp6 0 0 :::389 :::* LISTEN 30606/ns-slapd Then I tried to restart all the ipactl services one by one. pki-tomcatd keeps failing and /var/log/pki/pki-tomcat/ca/debug does not log anymore (last log is the one i sent you above, 31 Dec 2019) I resubmitted all the expired certs and restarting cermonger but certs keep being unreachable. from certmonger logs: nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[30764]: Forwarding request to dogtag-ipa-renew-agent nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-renew-agent-submit[31183]: GET http://ipa1.itec.lab:8080/ca/ee/ca/profileSubmit?profileId=caServerCert&serial_num=20&renewal=true&xml=true& nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-renew-agent-submit[31183]: (null) nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[30764]: dogtag-ipa-renew-agent returned 3 nov 17 18:11:47 ipa1.itec.lab certmonger[30685]: 2020-11-17 18:11:47 [30685] Error 7 connecting to http://ipa1.itec.lab:8080/ca/ee/ca/profileSubmit: Couldn't connect to server. in certmonger's log I also saw these: nov 17 18:11:01 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[30741]: Traceback (most recent call last): File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 533, in <module> sys.exit(main()) File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 495, in main api.finalize() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 740, in finalize self.__do_if_not_done('load_plugins') File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 431, in __do_if_not_done getattr(self, name)() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 620, in load_plugins self.add_package(package) File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 647, in add_package module = importlib.import_module(name) File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module __import__(name) File "/usr/lib/python2.7/site-packages/ipaserver/plugins/server.py", line 32, in <module> from ipaserver.install import bindinstance, dnskeysyncinstance File "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", line 17, in <module> from ipaserver import p11helper as _ipap11helper File "/usr/lib/python2.7/site-packages/ipaserver/p11helper.py", line 342, in <module> _libp11_kit = _ffi.dlopen(ctypes.util.find_library('p11-kit')) File "/usr/lib64/python2.7/ctypes/util.py", line 244, in find_library return _findSoname_ldconfig(name) or _get_soname(_findLib_gcc(name)) File "/usr/lib64/python2.7/ctypes/util.py", line 233, in _findSoname_ldconfig f = os.popen('/sbin/ldconfig -p 2>/dev/null') OSError: [Errno 12] Cannot allocate memory _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure