Captive Portal page fails to load due to l3svc process being stopped

• Captive Portal page fails to load.
• CLI command show system software status reports l3svc process being stopped.
• The Process ID for l3svc changes 2 to 3 times and then, it stops again.

Process l3svc stopped (pid: -1) - Exit Code: 1 <<<<<<<<<<<<<

• Palo Alto Firewalls
• PAN-OS 10.1.x, 10.2.x
• Captive Portal

• The issue is caused when a new certificate is imported without a private key to replace an expired certificate referenced in the SSL/TLS service profile for Captive Portal.
• The import certificate replacement works since the leftover private key from the original certificate is still present on the firewall.
• When the new imported certificate needs to be used, its private key is mismatched with left over private key, hence causing l3svc process to not start.

1. PAN-177939 fixes the above issue in PAN-OS 10.1.9 and later where such certificates cannot be imported.
2. Upgrade to the above version or later will fix the issue.

1. Check if the server certificate used has the correct private key.
2. If not, remove from the SSL/TLS service profile related to Captive Portal and delete the certificate
3. Commit the change
4. Reimport the server certificate with private key and add it back to the SSL/TLS service profile for Captive Portal
5. Check if l3svc process is running. If not, please restart the device-server and L3svc process with following commands:

> debug software restart process device-server
> debug software restart process l3-service