Bug 1258555

Summary: backup-restore: unable to start httpd after restore (certificate expired ?)
Product: Red Hat Enterprise Linux 7
Component: ipa
Version: 7.2
Status: CLOSED NOTABUG
Severity: unspecified
Priority: unspecified
Reporter: Martin Bašti <mbasti>
Assignee: IPA Maintainers <ipa-maint>
QA Contact: Namita Soman <nsoman>
CC: rcritten
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Type: Bug
Last Closed: 2015-08-31 15:56:11 UTC

Description Martin Bašti 2015-08-31 15:50:43 UTC
Description of problem:
Unable to start httpd after ipa-restore

Steps to Reproduce:
1. yum install ipa-server ipa-server-dns
2. create snapshot
3. ipa-server-install --setup-dns
4. ipa-backup
5. revert snapshot
6. ipa-restore

Actual results:
httpd does not start

Expected results:
httpd will start


Additional info:



Aug 28 13:19:00 vm-124.example.com systemd[1]: Starting The Apache HTTP Server...
Aug 28 13:19:00 vm-124.example.com ipa-httpd-kdcproxy[3266]: ipa         : INFO     KDC proxy enabled
Aug 28 13:19:01 vm-124.example.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Aug 28 13:19:01 vm-124.example.com kill[3271]: kill: cannot find process ""
Aug 28 13:19:01 vm-124.example.com systemd[1]: httpd.service: control process exited, code=exited status=1
Aug 28 13:19:01 vm-124.example.com systemd[1]: Failed to start The Apache HTTP Server.
Aug 28 13:19:01 vm-124.example.com systemd[1]: Unit httpd.service entered failed state.
Aug 28 13:19:01 vm-124.example.com systemd[1]: httpd.service failed.


[Fri Aug 28 13:19:00.961152 2015] [core:notice] [pid 3267] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Fri Aug 28 13:19:00.962572 2015] [suexec:notice] [pid 3267] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Aug 28 13:19:00.962608 2015] [:warn] [pid 3267] NSSSessionCacheTimeout is deprecated. Ignoring.
[Fri Aug 28 13:19:01.436456 2015] [:error] [pid 3267] SSL Library Error: -8181 Certificate has expired
[Fri Aug 28 13:19:01.436508 2015] [:error] [pid 3267] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.

Comment 1 Rob Crittenden 2015-08-31 15:54:09 UTC
What are the dates in the Apache cert?

# certutil -L -d /etc/httpd/alias -n Server-Cert | egrep "Not (Before|After)"

Comment 2 Martin Bašti 2015-08-31 15:55:46 UTC
It was a datetime issue on the VM.
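
Added example, not part of the original comments: a shell sketch that takes the validity lines printed by the certutil command in comment 1 and reports where a given clock reading falls relative to the certificate's validity window. The sample output and the function names are constructed for illustration, GNU date is required, and the printed times are assumed to be UTC.

```shell
#!/bin/sh
# Classify a certificate's validity window against a reference clock.
# Input: text in the layout printed by `certutil -L -d <db> -n <nickname>`.

# Constructed sample (not taken from the bug report).
SAMPLE_CERT='        Validity:
            Not Before: Fri Aug 28 11:10:22 2015
            Not After : Mon Aug 28 11:10:22 2017'

# Print one validity bound ("Before" or "After") as epoch seconds.
# Assumption: the printed timestamps are UTC.
cert_bound_epoch() {
    local which="$1" text="$2" stamp
    stamp=$(printf '%s\n' "$text" |
        sed -n -E "s/^[[:space:]]*Not ${which}[[:space:]]*:[[:space:]]*(.*)$/\1/p" |
        head -n 1)
    [ -n "$stamp" ] || return 1
    date -u -d "$stamp" +%s
}

# Print not-yet-valid, valid or expired for the clock reading in $2
# (epoch seconds); print unparseable and return 2 if a bound is missing.
check_cert_window() {
    local text="$1" now="$2" nb na
    nb=$(cert_bound_epoch Before "$text") || { echo "unparseable"; return 2; }
    na=$(cert_bound_epoch After "$text") || { echo "unparseable"; return 2; }
    if [ "$now" -lt "$nb" ]; then
        echo "not-yet-valid"
    elif [ "$now" -gt "$na" ]; then
        echo "expired"
    else
        echo "valid"
    fi
}

# Stand-alone run: compare the sample against the current system clock.
check_cert_window "$SAMPLE_CERT" "$(date -u +%s)"
```

On a live host, pass the output of the certutil command as the first argument and the epoch from a trusted time source as the second; a result that differs from what the local clock gives points at the clock rather than the certificate.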