Bug 1258555 - backup-restore: unable to start httpd after restore (certificate expired ?)
backup-restore: unable to start httpd after restore (certificate expired ?)
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
7.2
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-31 11:50 EDT by Martin Bašti
Modified: 2015-08-31 11:56 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-31 11:56:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Martin Bašti 2015-08-31 11:50:43 EDT
Description of problem:
Unable to start httpd after ipa-restore

Steps to Reproduce:
1. yum install ipa-server ipa-server-dns
2. create snapshot
3. ipa-server-install --setup-dns
4. ipa-backup
5. revert snapshot
6. ipa-restore

Actual results:
httpd does not start

Expected results:
httpd will start


Additional info:



Aug 28 13:19:00 vm-124.example.com systemd[1]: Starting The Apache HTTP Server...
Aug 28 13:19:00 vm-124.example.com ipa-httpd-kdcproxy[3266]: ipa         : INFO     KDC proxy enabled
Aug 28 13:19:01 vm-124.example.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Aug 28 13:19:01 vm-124.example.com kill[3271]: kill: cannot find process ""
Aug 28 13:19:01 vm-124.example.com systemd[1]: httpd.service: control process exited, code=exited status=1
Aug 28 13:19:01 vm-124.example.com systemd[1]: Failed to start The Apache HTTP Server.
Aug 28 13:19:01 vm-124.example.com systemd[1]: Unit httpd.service entered failed state.
Aug 28 13:19:01 vm-124.example.com systemd[1]: httpd.service failed.


[Fri Aug 28 13:19:00.961152 2015] [core:notice] [pid 3267] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0
[Fri Aug 28 13:19:00.962572 2015] [suexec:notice] [pid 3267] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Fri Aug 28 13:19:00.962608 2015] [:warn] [pid 3267] NSSSessionCacheTimeout is deprecated. Ignoring.
[Fri Aug 28 13:19:01.436456 2015] [:error] [pid 3267] SSL Library Error: -8181 Certificate has expired
[Fri Aug 28 13:19:01.436508 2015] [:error] [pid 3267] Unable to verify certificate 'Server-Cert'. Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the problem can be resolved.
Comment 1 Rob Crittenden 2015-08-31 11:54:09 EDT
What are the dates in the Apache cert?

# certutil -L -d /etc/httpd/alias -n Server-Cert | egrep "Not [Before|After]"
Comment 2 Martin Bašti 2015-08-31 11:55:46 EDT
It was datetime issue on VM

Note You need to log in before you can comment on or make changes to this bug.