i renewd kdc.key and kdc.crt as below:
sudo ipa-pkinit-manage disable sudo rm -f /var/kerberos/krb5kdc/kdc.crt sudo rm -f /var/kerberos/krb5kdc/kdc.key
sudo ipa-pkinit-manage enable -->this will generate new certificates
sudo systemctl start krb5kdc sudo systemctl start kadmin