Nss-ldap logs starttls failed after renewal of the root ca certificate

Hi everyone,

I have one UCS master and two UCS backups in my setup. Since they have been running for almost 5 years, the time came to renew the root certificate.
I followed the instructions here: Renewing the complete SSL certificate chain, and here: Renewing the SSL certificates.

Good news: All services seem to work just fine.

However, on all 3 instances I repeatedly see the following error log for nss-ldap:

nss-ldap: do_open: do_start_tls failed:stat=-1

E.g., I am using proftpd to provide SFTP file access for UCS users. Authentication is done directly via PAM, which accesses LDAP through nss-ldap. Every time someone logs in via SFTP, the error is logged, BUT the SFTP connection is working anyway.

Any idea what I am missing?