Hello,
I'm on Centos8 with freeipa installed from several month in lxc container (2 containers with replication). I've intalled custom certificates from letsencrypt for httpd and slapd and they're valid till january 2021. Yesterday, I restarted the containers and on both, Directory service failed to start. The log is below. Can someone help me to find the right direction to solve it ? All my services heavely depends on it :-(
Thanks by advance,
Paul-Henri
[30/Nov/2020:08:16:06.423512539 +0000] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES
[30/Nov/2020:08:16:06.440854922 +0000] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[30/Nov/2020:08:16:06.469627909 +0000] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES
[30/Nov/2020:08:16:06.499234923 +0000] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[30/Nov/2020:08:16:06.526831242 +0000] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.
[30/Nov/2020:08:16:06.555048556 +0000] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES
[30/Nov/2020:08:16:06.591310772 +0000] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[30/Nov/2020:08:16:06.653648267 +0000] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES
[30/Nov/2020:08:16:06.686970459 +0000] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[30/Nov/2020:08:16:06.716504472 +0000] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.
[30/Nov/2020:08:16:06.773674674 +0000] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher AES
[30/Nov/2020:08:16:06.807784636 +0000] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[30/Nov/2020:08:16:06.848156076 +0000] - ERR - attrcrypt_unwrap_key - Failed to unwrap key for cipher 3DES
[30/Nov/2020:08:16:06.881073427 +0000] - ERR - attrcrypt_cipher_init - Symmetric key failed to unwrap with the private key; Cert might have been renewed since the key is wrapped. To recover the encrypted contents, keep the wrapped symmetric key value.
[30/Nov/2020:08:16:06.910055086 +0000] - ERR - attrcrypt_init - All prepared ciphers are not available. Please disable attribute encryption.
[30/Nov/2020:08:16:06.974353372 +0000] - ERR - schema-compat-plugin - scheduled schema-compat-plugin tree scan in about 5 seconds after the server startup!
[30/Nov/2020:08:16:07.039826294 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=groups,cn=compat,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.152097703 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=computers,cn=compat,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.172262353 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ng,cn=compat,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.204863801 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target ou=sudoers,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.215156151 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=users,cn=compat,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.216821135 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.219650834 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.238011898 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.249040534 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.274750517 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.283165976 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.290449211 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.309211301 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.344580813 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.371243332 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.381258115 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=vaults,cn=kra,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.442193236 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=ad,cn=etc,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.464066203 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.479286324 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=casigningcert cert-pki-ca,cn=ca_renewal,cn=ipa,cn=etc,dc=hoah,dc=ch does not exist
[30/Nov/2020:08:16:07.594646290 +0000] - WARN - NSACLPlugin - acl_parse - The ACL target cn=automember rebuild membership,cn=tasks,cn=config does not exist
[30/Nov/2020:08:16:07.629034110 +0000] - ERR - cos-plugin - cos_dn_defs_cb - Skipping CoS Definition cn=Password Policy,cn=accounts,dc=hoah,dc=ch--no CoS Templates found, which should be added before the CoS Definition.
[30/Nov/2020:08:16:07.651839151 +0000] - ERR - ipalockout_get_global_config - [file ipa_lockout.c, line 178]: krb5_init_context failed (-1429577697)
[30/Nov/2020:08:16:07.685167130 +0000] - ERR - ipaenrollment_start - [file ipa_enrollment.c, line 398]: krb5_init_context failed
[30/Nov/2020:08:16:07.713369817 +0000] - ERR - ipapwd_start - [file ipa_pwd_extop.c, line 1857]: krb5_init_context failed