Do not assume certmonger is running in httpinstance

https://fedorahosted.org/freeipa/ticket/4835

Reviewed-By: David Kupka <dkupka@redhat.com>

ipaserver/install/httpinstance.py

@@ -39,6 +39,7 @@ from ipaserver.install import sysupgrade
 from ipalib import api
 from ipaplatform.tasks import tasks
 from ipaplatform.paths import paths
+from ipaplatform import services
 
 
 SELINUX_BOOLEAN_SETTINGS = dict(
@@ -228,6 +229,12 @@ class HTTPInstance(service.Service):
             print "Adding Include conf.d/ipa-rewrite to %s failed." % paths.HTTPD_NSS_CONF
 
     def configure_certmonger_renewal_guard(self):
+        certmonger = services.knownservices.certmonger
+        certmonger_stopped = not certmonger.is_running()
+
+        if certmonger_stopped:
+            certmonger.start()
+        try:
             bus = dbus.SystemBus()
             obj = bus.get_object('org.fedorahosted.certmonger',
                                  '/org/fedorahosted/certmonger')
@@ -247,6 +254,9 @@ class HTTPInstance(service.Service):
                         helper = ' '.join(pipes.quote(a) for a in args)
                         ca_iface.Set('org.fedorahosted.certmonger.ca',
                                      'external-helper', helper)
+        finally:
+            if certmonger_stopped:
+                certmonger.stop()
 
     def __setup_ssl(self):
         fqdn = self.fqdn