i renewd kdc.key and kdc.crt as below:
sudo ipa-pkinit-manage disable
sudo rm -f /var/kerberos/krb5kdc/kdc.crt
sudo rm -f /var/kerberos/krb5kdc/kdc.key
sudo ipa-pkinit-manage enable -->this will generate new certificates
sudo systemctl start krb5kdc
sudo systemctl start kadmin