I moved the date before the expiring and restarted the services one by one as you listed
(systemctl restart dirsrv@my-domain, systemctl restart krb5kdc etc.)
then:
[root@ipa1 ~]# ipactl status
Directory Service: RUNNING
krb5kdc Service: RUNNING
kadmin Service: RUNNING
named Service: STOPPED (if I do systemctl status named it says running)
httpd Service: RUNNING
ipa-custodia Service: RUNNING
ntpd Service: RUNNING
pki-tomcatd Service: STOPPED
ipa-otpd Service: STOPPED
ipa-dnskeysyncd Service: STOPPED
ipa: INFO: The ipactl command was successful
pki-tomcatd failed to start:
# systemctl restart pki-tomcatd@ITEC-LAB
Job for pki-tomcatd(a)ITEC-LAB.service failed because the control process exited with error
code. See "systemctl status pki-tomcatd(a)ITEC-LAB.service" and "journalctl
-xe" for details.
# journalctl -xe
nov 17 18:22:31 ipa1.itec.lab systemd[1]: Unit pki-tomcatd(a)ITEC-LAB.service entered failed
state.
nov 17 18:22:31 ipa1.itec.lab audispd[24456]: node=ipa1.itec.lab type=SERVICE_START
msg=audit(1605637351.916:7091): pid=1 uid=0 auid=4294967295 ses=4294967295
msg='unit=pki-tomc
nov 17 18:22:31 ipa1.itec.lab systemd[1]: pki-tomcatd(a)ITEC-LAB.service failed.
nov 17 18:22:31 ipa1.itec.lab polkitd[30556]: Unregistered Authentication Agent for
unix-process:17970:71502359 (system bus name :1.1719, object path
/org/freedesktop/PolicyKit1