<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <p><br>
    </p>
    <p>Then you have to start services manually, I don't know if the
      same steps will work with IPA 3.0.0, I don't remember, but you can
      try :)<br>
    </p>
    <br>
    <div class="moz-cite-prefix">On 14.09.2016 18:18, bahan w wrote:<br>
    </div>
    <blockquote
cite="mid:CAMJtubJHP9n0GxKiUnkgPu8KJrOaTfR646zR+MoqBsmUTGVjyg@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>Oh I forgot to add that my version of ipa is quite old :<br>
          ###<br>
          # rpm -qa | grep ipa-server<br>
          ipa-server-3.0.0-25.el6.x86_64<br>
          ###<br>
          <br>
        </div>
        When I try the command you gave me I got the following error :<br>
        ###<br>
        <div># ipactl start --force<br>
          Usage: ipactl start|stop|restart|status<br>
          <br>
          <br>
          ipactl: error: no such option: --force<br>
          ###<br>
          <br>
        </div>
        <div>Best regards.<br>
          <br>
        </div>
        <div>Bahan<br>
        </div>
      </div>
    </blockquote>
    <blockquote
cite="mid:CAMJtubJHP9n0GxKiUnkgPu8KJrOaTfR646zR+MoqBsmUTGVjyg@mail.gmail.com"
      type="cite">
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Wed, Sep 14, 2016 at 6:14 PM, Martin
          Basti <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:mbasti@redhat.com" target="_blank">mbasti@redhat.com</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000">
              <div>
                <div class="h5">
                  <p><br>
                  </p>
                  <br>
                  <div>On 14.09.2016 17:59, bahan w wrote:<br>
                  </div>
                  <blockquote type="cite">
                    <div dir="ltr">
                      <div>
                        <div>
                          <div>
                            <div>Hello !<br>
                              <br>
                            </div>
                            I send you this mail because I cannot
                            restart my test IPA server.<br>
                            <br>
                          </div>
                          When I try to start it with service ipa start,
                          I got the following error message :<br>
                          ###<br>
                          # service ipa start<br>
                          Starting Directory Service<br>
                          Starting dirsrv:<br>
                              <MYREALM>...[14/Sep/2016:17:<wbr>57:23
                          +0200] - SSL alert: CERT_VerifyCertificateNow:
                          verify certificate failed for cert Server-Cert
                          of family cn=RSA,cn=encryption,cn=config
                          (Netscape Portable Runtime error -8181 -
                          Peer's Certificate has expired.)<br>
                                                        <wbr>                            
                          [  OK  ]<br>
                              PKI-IPA...[14/Sep/2016:17:57:<wbr>33
                          +0200] - SSL alert: CERT_VerifyCertificateNow:
                          verify certificate failed for cert Server-Cert
                          of family cn=RSA,cn=encryption,cn=config
                          (Netscape Portable Runtime error -8181 -
                          Peer's Certificate has expired.)<br>
                                                        <wbr>                            
                          [  OK  ]<br>
                          Starting KDC Service<br>
                          Starting Kerberos 5
                          KDC:                          <wbr>         [ 
                          OK  ]<br>
                          Starting KPASSWD Service<br>
                          Starting Kerberos 5 Admin
                          Server:                       <wbr>   [  OK  ]<br>
                          Starting MEMCACHE Service<br>
                          Starting ipa_memcached:                <wbr>                   
                          [  OK  ]<br>
                          Starting HTTP Service<br>
                          Starting httpd:                        <wbr>                   
                          [FAILED]<br>
                          Failed to start HTTP Service<br>
                          Shutting down<br>
                          Stopping Kerberos 5
                          KDC:                          <wbr>         [ 
                          OK  ]<br>
                          Stopping Kerberos 5 Admin
                          Server:                       <wbr>   [  OK  ]<br>
                          Stopping ipa_memcached:                <wbr>                   
                          [  OK  ]<br>
                          Stopping httpd:                        <wbr>                   
                          [FAILED]<br>
                          Stopping pki-ca:                       <wbr>                   
                          [  OK  ]<br>
                          Shutting down dirsrv:<br>
                              <MYREALM>...                  <wbr>                 
                          [  OK  ]<br>
                              PKI-IPA...                    <wbr>                        
                          [  OK  ]<br>
                          Aborting ipactl<br>
                          <br>
                          # service ipa status<br>
                          Directory Service: STOPPED<br>
                          Failed to get list of services to probe
                          status:<br>
                          Directory Server is stopped<br>
                          ###<br>
                          <br>
                        </div>
                        <div>Do you know how to renew the SSL
                          certificate used for the IPA Server ?<br>
                          <br>
                        </div>
                        <div>Best regards.<br>
                          <br>
                        </div>
                        <div>Bahan<br>
                        </div>
                        <br>
                      </div>
                    </div>
                    <br>
                    <fieldset></fieldset>
                    <br>
                  </blockquote>
                  <br>
                  <br>
                </div>
              </div>
              Hello,<br>
              <br>
              please run<br>
              <br>
              # ipactl start --force<br>
              # getcert list (to detect which certificate is outdated, I
              suspect DS cert (or to get more info why it has not been
              renewed))<br>
              <br>
              If getcert does work (I'm not sure if ti is able to work
              without httpd), you probable need to move time back to
              past where cert is valid, start IPA and try again.<br>
              <br>
              Please find ID outdated certificate and try resubmit it
              (CA and DS must be running)<br>
              <br>
              # getcert resubmit -i 20160914122036 (use you ID :) )<br>
              <br>
              This should renew cert, check status with getcert list<br>
              <br>
              Move time back to future (if needed)<br>
              <br>
              Try to restart IPA<br>
              <br>
              Martin^2<br>
            </div>
          </blockquote>
        </div>
        <br>
      </div>
    </blockquote>
    <br>
  </body>
</html>