[Freeipa-users] Re: IPA certs expired, pki-tomcatd fails to start

Manuel Gujo via FreeIPA-users wrote:

Hi Rob,

do I have to stop all the IPA services before i move back the date? Now I'm only moving back date and restarting certmonger.

It wouldn't hurt.

You absolutely need to restart things in the past because they can't run in current time with expired certs.

pki-tomcatd is failed so i can't stop/restart it

Then go back in the past and we can try to figure out why it won't start then. It won't start now due to expired certs.

You can't renew the certs without a working CA.

rob