<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style>
</head>
<body ocsi="0" fpstyle="1">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;"><font size="3">Hello,<br>
<br>
My FreeIPA server stopped working over the weekend due to what looks like expired certificates. I am running ipa-server 3.0 and thought these certs were automatically renewed. I am no expert at KDC / IPA and any help you can give is greatly appreciated.
<br>
<br>
When I try to start the ipa service on my server I get:</font><br>
<br>
[root@aurora ~]# /sbin/service ipa start<br>
Starting Directory Service<br>
Starting dirsrv:<br>
LINUX-DIRSRV-LOCAL...[28/May/2014:10:23:33 -0400] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's Certificate has expired.)<br>
[ OK ]<br>
PKI-IPA...[28/May/2014:10:23:34 -0400] - SSL alert: CERT_VerifyCertificateNow: verify certificate failed for cert Server-Cert of family cn=RSA,cn=encryption,cn=config (Netscape Portable Runtime error -8181 - Peer's Certificate has expired.)<br>
[ OK ]<br>
Starting KDC Service<br>
Starting Kerberos 5 KDC: [ OK ]<br>
Starting KPASSWD Service<br>
Starting Kerberos 5 Admin Server: [ OK ]<br>
Starting MEMCACHE Service<br>
Starting ipa_memcached: [ OK ]<br>
Starting HTTP Service<br>
Starting httpd: [Wed May 28 10:23:36 2014] [warn] _default_ VirtualHost overlap on port 443, the first has precedence<br>
[FAILED]<br>
Failed to start HTTP Service<br>
Shutting down<br>
Stopping Kerberos 5 KDC: [ OK ]<br>
Stopping Kerberos 5 Admin Server: [ OK ]<br>
Stopping ipa_memcached: [ OK ]<br>
Stopping httpd: [FAILED]<br>
Stopping pki-ca: [ OK ]<br>
Shutting down dirsrv:<br>
LINUX-DIRSRV-LOCAL... [ OK ]<br>
PKI-IPA... [ OK ]<br>
Aborting ipactl<br>
<br>
<font size="3">Of course kinit also fails with: </font>kinit: Cannot contact any KDC for realm 'LINUX.DIRSRV.LOCAL' while getting initial credentials<br>
<br>
<font size="3">Can someone help me get back on my feet? Luckily there are not many students around in the summer so I just have 20 annoyed faculty instead of 200 annoyed students to placate.<br>
<br>
Thanks!<br>
<br>
<br>
<br>
-----------------------------------------------<br>
David Fitzgerald<br>
Adjunct Professor<br>
Department of Earth Sciences<br>
Millersville University <br>
Millersville, PA 17551<br>
<br>
E-mail: david.fitzgerald@millersville.edu<br>
PH: 717-871-2394<br>
</font><br>
</div>
</body>
</html>