Symptom & Impact
Cockpit UI on port 9090 is inaccessible, reducing operational visibility and remote administration capability.
Environment & Reproduction
After replacing certificates on RHEL 8, browser sessions fail while cockpit.socket appears enabled.
Root Cause Analysis
Invalid cert/key permissions, mismatched private key, or firewalld changes block cockpit startup or access.
Quick Triage
Check systemctl status cockpit and cockpit.socket, plus journalctl -u cockpit for TLS parsing errors.
Step-by-Step Diagnosis
Validate the certificate chain, key ownership, and SELinux context, and confirm port exposure with firewall-cmd.

Solution – Primary Fix
Install a matching cert/key pair with correct labels, restart the cockpit services, and allow the cockpit service in firewalld.

Solution – Alternative Approaches
Temporarily use the default self-signed certificate for recovery while enterprise PKI issues are corrected.
Verification & Acceptance Criteria
Browser access succeeds, TLS chain validates, and cockpit logs remain free of handshake errors.
Rollback Plan
Restore previous certificate bundle and associated permissions if new chain causes compatibility issues.
Prevention & Hardening
Automate certificate renewal tests and enforce policy checks before reloading cockpit in production.
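One way to script the policy check described above before reloading cockpit, as an added example (not from the original page or from Red Hat). It takes the certificate and key paths as arguments and checks that the pair matches, that the key grants nothing to other users, and that the certificate is not about to expire; the function name, exit codes and 7-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example: gate a Cockpit certificate swap on basic policy checks.
# Usage: sh check_pair.sh CERT KEY [MIN_VALID_SECONDS]
# Exit codes (assumed convention): 0 ok, 1 unreadable, 2 parse error,
# 3 cert/key mismatch, 4 key too permissive, 5 expiring or expired.

check_pair() {
    cert=$1; key=$2; min_valid=${3:-604800}   # default: 7 days (assumption)

    [ -r "$cert" ] && [ -r "$key" ] ||
        { echo "FAIL: cannot read $cert or $key" >&2; return 1; }

    # Extract the public key from each file. "-passin pass:" stops openssl
    # from prompting when the key is encrypted; it fails instead.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: $cert is not a parseable certificate" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "FAIL: $key is not a parseable unencrypted key" >&2; return 2; }

    # A mismatched private key is one of the root causes listed above.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate" >&2; return 3; }

    # Policy assumption: the key must grant nothing to "other" users.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        *0) ;;
        *) echo "FAIL: $key mode $mode is accessible to other users" >&2
           return 4 ;;
    esac

    # -checkend exits non-zero if the cert expires within min_valid seconds.
    openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null 2>&1 ||
        { echo "FAIL: $cert expires within $min_valid seconds" >&2; return 5; }

    echo "OK: $cert and $key pass pre-reload checks"
}

# Run only when paths are supplied, so the file can also be sourced.
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

Run it against the replacement pair before restarting the cockpit services, and treat any non-zero exit as a reason to keep the current certificate in place.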
Related Errors & Cross-Refs
Related to chrony clock drift, DNS name mismatch, and SELinux labeling mistakes.
References & Further Reading
Use RHEL 8 Cockpit administration and certificate management documentation from Red Hat.