Google it ....


Friday, June 27, 2025

OEM stopped working and start failed with webtier could not be started

Oracle Enterprise Manager (OEM) suddenly stopped working, and trying to start it fails with this error:

$emctl start oms
Oracle Enterprise Manager Cloud Control 13c Release 5
Copyright (c) 1996, 2021 Oracle Corporation. All rights reserved.
Starting Oracle Management Server...
WebTier Could Not Be Started.
Error Occurred: WebTier Could Not Be Started.

Oracle provides a default wallet and self-signed certificate out of the box that is used to test the functionality of SSL.
These self-signed certificates expire after some time, and an expired certificate can prevent OHS from starting. The steps below
are a simple method to recreate this wallet.

Solution: 

1. Stop OHS (and AdminServer if collocated). Next, move ${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default/cwallet.sso
to cwallet.sso.expired. This simply renames the wallet; a new one will be created in its place.
Example:
$ pwd
$DOMAIN_HOME_PATH/config/fmwconfig/components/OHS/ohs1/keystores/default

$ mv cwallet.sso cwallet.sso.expired

2. Make sure orapki is in the $PATH variable.

Check to see if orapki is in the $PATH Environment Variable:
$ which orapki
Add it to the beginning of the $PATH environmental variable:
$ export PATH=$OMS_HOME/oracle_common/bin:$PATH

4. Execute the following commands from the directory where the old wallet was renamed, i.e. ${ORACLE_INSTANCE}/config/fmwconfig/components/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default/
$ orapki wallet create -wallet . -auto_login_only
(NOTE: The dot (.) is specified here as the Present Working Directory.)
Example output:

Oracle PKI Tool : Version 12.2.1.2.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.

$ ls
cwallet.sso cwallet.sso.expired cwallet.sso.lck

5. Now recreate the self-signed certificate using the same DN used in the original wallet.
$ orapki wallet add -wallet . -dn 'CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY' -keysize 2048 -self_signed -validity 3650 -auto_login_only
(NOTE: The dot (.) is specified here as the Present Working Directory.)
Example output:

Oracle PKI Tool : Version 12.2.1.2.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Operation is successfully completed.

6. Now check the wallet with the display command:
$ orapki wallet display -wallet .
(NOTE: The dot (.) is specified here as the Present Working Directory.)
Example output:

Oracle PKI Tool : Version 12.2.1.2.0
Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:
User Certificates:
Subject: CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY
Trusted Certificates:
Subject: CN=localhost,OU=FOR TESTING ONLY,O=FOR TESTING ONLY

$ openssl x509 -in server.cer -noout -text
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
9a:a0:bb:e2:f5:ff:3b:e8:8d:46:7a:ac:18:f3:89:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: O=FOR TESTING ONLY, OU=FOR TESTING ONLY, CN=localhost
Validity
Not Before: Nov 17 15:45:08 2020 GMT
Not After : Nov 15 15:45:08 2030 GMT

7. Now that a new self-signed certificate and wallet have been created in the same directory where the old one was renamed, OHS (and AdminServer if collocated) can be restarted successfully.
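
Because the outage above came from a certificate expiring unnoticed, a scheduled check on the validity dates catches the next expiry before OHS refuses to start. The following is an added example, not part of the original post or of any Oracle tooling: it parses the text printed by `openssl x509 -in server.cer -noout -text` and reports the status, days remaining, and whether the certificate is still the "FOR TESTING ONLY" demo one. The function names, the 30-day warning threshold and the sample text (constructed from the fields shown above) are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the fields shown in the post's openssl output.
SAMPLE = """\
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: O=FOR TESTING ONLY, OU=FOR TESTING ONLY, CN=localhost
        Validity
            Not Before: Nov 17 15:45:08 2020 GMT
            Not After : Nov 15 15:45:08 2030 GMT
"""

_FIELD = re.compile(r"^\s*(Not Before|Not After|Issuer)\s*:\s*(.+?)\s*$", re.M)
_DATE_FMT = "%b %d %H:%M:%S %Y GMT"  # openssl prints validity dates in GMT


def _to_utc(value):
    return datetime.strptime(value, _DATE_FMT).replace(tzinfo=timezone.utc)


def parse_cert_text(text):
    """Return issuer and validity window from openssl's text dump."""
    fields = dict(_FIELD.findall(text))
    missing = {"Not Before", "Not After"} - fields.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    return {
        "issuer": fields.get("Issuer", ""),
        "not_before": _to_utc(fields["Not Before"]),
        "not_after": _to_utc(fields["Not After"]),
    }


def check_cert(text, now=None, warn_days=30):
    """Classify a certificate as EXPIRED, NOT_YET_VALID, EXPIRING or OK."""
    cert = parse_cert_text(text)
    now = now or datetime.now(timezone.utc)
    days_left = (cert["not_after"] - now).days
    if now > cert["not_after"]:
        status = "EXPIRED"
    elif now < cert["not_before"]:
        status = "NOT_YET_VALID"
    elif days_left < warn_days:
        status = "EXPIRING"
    else:
        status = "OK"
    return {"status": status, "days_left": days_left,
            "demo_cert": "FOR TESTING ONLY" in cert["issuer"]}
```

Run it from cron or a monitoring agent against the exported certificate and alert on any status other than OK.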