Hi Rob,
so in "/etc/dirsrv/slapd-ITEC-LAB/dse.ldif", nsslapd-port was '0' and nsslapd-security was off, I fixed it and now it's listening on port 389 and 636:
# netstat -tulpn | grep LISTEN | grep ns-slapd tcp6 0 0 :::636 :::* LISTEN 30606/ns-slapd tcp6 0 0 :::389 :::* LISTEN 30606/ns-slapd
Then I tried to restart all the ipactl services one by one. pki-tomcatd keeps failing and /var/log/pki/pki-tomcat/ca/debug does not log anymore (last log is the one i sent you above, 31 Dec 2019)
I resubmitted all the expired certs and restarting cermonger but certs keep being unreachable.
from certmonger logs:
nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[30764]: Forwarding request to dogtag-ipa-renew-agent nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-renew-agent-submit[31183]: GET http://ipa1.itec.lab:8080/ca/ee/ca/profileSubmit?profileId=caServerCert&... nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-renew-agent-submit[31183]: (null) nov 17 18:11:47 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[30764]: dogtag-ipa-renew-agent returned 3 nov 17 18:11:47 ipa1.itec.lab certmonger[30685]: 2020-11-17 18:11:47 [30685] Error 7 connecting to http://ipa1.itec.lab:8080/ca/ee/ca/profileSubmit: Couldn't connect to server.
in certmonger's log I also saw these:
nov 17 18:11:01 ipa1.itec.lab dogtag-ipa-ca-renew-agent-submit[30741]: Traceback (most recent call last): File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 533, in <module> sys.exit(main()) File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 495, in main api.finalize() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 740, in finalize self.__do_if_not_done('load_plugins') File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 431, in __do_if_not_done getattr(self, name)() File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 620, in load_plugins self.add_package(package) File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 647, in add_package module = importlib.import_module(name) File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module __import__(name) File "/usr/lib/python2.7/site-packages/ipaserver/plugins/server.py", line 32, in <module> from ipaserver.install import bindinstance, dnskeysyncinstance File "/usr/lib/python2.7/site-packages/ipaserver/install/dnskeysyncinstance.py", line 17, in <module> from ipaserver import p11helper as _ipap11helper File "/usr/lib/python2.7/site-packages/ipaserver/p11helper.py", line 342, in <module> _libp11_kit = _ffi.dlopen(ctypes.util.find_library('p11-kit')) File "/usr/lib64/python2.7/ctypes/util.py", line 244, in find_library return _findSoname_ldconfig(name) or _get_soname(_findLib_gcc(name)) File "/usr/lib64/python2.7/ctypes/util.py", line 233, in _findSoname_ldconfig f = os.popen('/sbin/ldconfig -p 2>/dev/null') OSError: [Errno 12] Cannot allocate memory