Unable to access the GUI of Palo Alto device

• Unable to access Web-GUI, from Google Chrome the error message is 'ERR_CONNECTION_REFUSED'

• System logs show 'websrvr' process exits frequently

>show log system direction equal backward

2023/04/12 07:25:55 high     general        general 0  websrvr: Exited 4 times, waiting 120 seconds to retry
2023/04/12 07:23:53 high     general        general 0  websrvr: Exited 4 times, waiting 120 seconds to retry

• System logs generate critical crypto errors for the certificate key expiry

>show log system direction equal backward

2023/04/12 07:23:30 critical crypto         cert-ex 0  Shared certificate device-mgmt and corresponding key have expired

• 'masterd.log' show 'websrvr' restart triggered by web certificate expiry

> grep pattern websrvr mp-log masterd.log

2023-04-12 07:23:32.788 +0000 INFO: websrvr: User restart reason -triggered_by_web_certificate_expiry

• Palo Alto Firewalls
• Supported PAN-OS device
• Certificate Profile configured for Web UI access
• 'Certificate Expiration Check' is enabled.

• The certificate configured to secure Web-GUI access was expired.
• 'websrvr' process is not allowed to run on an expired certificate. 
• When checking for the certificate it displays expired (GUI: Device > Certificate Management > Certificates > Device Certificates)

• This is the exact certificate used for web access under SSL/TLS Service Profile (GUI: Device > Certificate Management > SSL/TLS Service Profile)

1. To regain access to Web-GUI, restart the management-server process
   • debug software restart process management-server
2. Renew or Replace the expired cert
   • How to Renew or Replace an Expired Certificate

1. Delete the SSL/TLS Service profile configured to secure Web-GUI.

>configure
#delete deviceconfig system ssl-tls-service-profile
#commit
#exit