FreeIPA - Changing ServerName in httpd broke it


I've got another question.
So, when I first installed FreeIPA, I didn’t touch the ServerName in httpd.


After some time, I realized it and wanted to change it.
When I tried to change my hostname, it broke FreeIPA.
I checked the log and it mentioned httpd.key:

AH02564: Failed to configure encrypted (?) private key host.server.comm:443:0, check /var/lib/ipa/private/httpd.key

What I can see is that when I change the ServerName, the private key is no longer valid.
The FreeIPA web UI will not run and the ipa CLI gives an error too.
I can’t find any tutorial on the internet about it.

Any advice will be very much appreciated.

Thank you

I recommend not changing the server name. FreeIPA manages all of these pieces and components, so changing anything will inevitably break said components. Revert any changes you have made in httpd.

If you want to change the name of the only server, at a high level you need to add a new replica, and decommission the old one.

I see. The article says host name, but in http.conf it is ServerName; are they the same?

When ServerName is left blank in httpd, does httpd choose the ServerName from the hostname?
If yes, why does changing the ServerName in httpd to the same value as the hostname break FreeIPA?

Because for the hostname, I set it before installing FreeIPA.

Thank you

Httpd will by default use the system’s hostname as the server name if not explicitly set. This being the case, changing the server name of httpd will break the configuration set by the IPA installation. This is because consistency between the Kerberos keytab, directory server, DNS, and others is absolutely required when it comes to the hostname. There is no way around this and I don’t recommend trying to make any changes to httpd beyond what IPA does.

Again, if you want to change the name, that requires a new replica and decommissioning the old server.
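
The consistency requirement described in the reply above can be checked before httpd is restarted. The script below is an added example, not part of the thread and not FreeIPA or httpd code: it works out which name httpd would use from a config file (explicit ServerName, else the system hostname) and compares it with the hostname IPA was installed with. The function names, hostnames and sample config files are constructed, and VirtualHost scoping and Include files are not resolved.

```shell
#!/bin/sh
# Added example, not FreeIPA or httpd code. Function names, hostnames and
# the sample config files below are constructed for illustration.

# Print the name httpd would use from one config file: the last explicit
# ServerName (scheme and port stripped), else the fallback system hostname.
# Simplification: VirtualHost scoping and Include files are not resolved.
effective_servername() {
    awk -v fb="$2" '
        $1 ~ /^#/ { next }                      # skip comment lines
        tolower($1) == "servername" && NF >= 2 {
            n = $2
            sub(/^[A-Za-z]+:\/\//, "", n)       # drop optional scheme
            sub(/:[0-9]+$/, "", n)              # drop optional port
            name = n
        }
        END { out = (name != "") ? name : fb; print tolower(out) }
    ' "$1"
}

# Args: config file, hostname IPA was installed with, current system hostname.
# Returns 0 when the effective httpd name still equals the installed hostname.
check_servername_drift() {
    eff=$(effective_servername "$1" "$3")
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$eff" = "$want" ]; then
        echo "OK: httpd name $eff matches the IPA hostname"
        return 0
    fi
    echo "DRIFT: httpd would use $eff, IPA was installed as $want"
    return 1
}

# Constructed sample inputs.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'Listen 443' '#ServerName old.example.test' > "$tmp/unset.conf"
printf '%s\n' 'Listen 443' 'servername https://web.example.test:443' > "$tmp/edited.conf"

check_servername_drift "$tmp/unset.conf"  ipa1.example.test ipa1.example.test || true
check_servername_drift "$tmp/edited.conf" ipa1.example.test ipa1.example.test || true
check_servername_drift "$tmp/unset.conf"  ipa1.example.test renamed.example.test || true
```

The third call covers the case where ServerName is left unset but the system hostname itself was changed; on a live host the third argument would be the output of `hostname -f`.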


I see, so I need to make a new replica and then decommission the old server.

Thank you for the explanation.