[ovirt-users] Re: oVirt 4.4.x step-by-step procedure to renew expired oVirt certificates

Dear Nathanael, Thank you very much for you reply. Regarding host expiration playbook you wrote – my compliments – is it safe to run on host with expired certificates, or its rather meant to be executed for renewal of certs on hosts with still valid certs?

We have also found following script which should at least safely take care of the renewal of certs on host with already expired certificates - . https://github.com/tothf/renew_vdsm_cert/blob/main/renew_vdsm_cert.sh ----- kind regards/met vriendelijke groeten Marko Vrgotic Sr. System Engineer @ System Administration ActiveVideo *o: *+31 (35) 6774131 *m: +*31 (65) 5734174** *e:*m.vrgotic@activevideo.com <mailto:m.vrgotic@activevideo.com> *w: *www.activevideo.com <http://www.activevideo.com> ActiveVideo Networks BV. Mediacentrum 3745 Joop van den Endeplein 1.1217 WJ Hilversum, The Netherlands. The information contained in this message may be legally privileged and confidential. It is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited.  If you have received this message in error, please immediately notify the sender and/or ActiveVideo Networks, LLC by telephone at +1 408.931.9200 and delete or destroy any copy of this message. *From: *Nathanaël Blanchet <blanchet(a)abes.fr&gt; *Date: *Thursday, 16 June 2022 at 14:40 *To: *Marko Vrgotic <M.Vrgotic(a)activevideo.com&gt;, users(a)ovirt.org <users(a)ovirt.org&gt; *Subject: *Re: [ovirt-users] oVirt 4.4.x step-by-step procedure to renew expired oVirt certificates ***CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender!!!*** Hello, If you refer to: 1. engine apache certificate expiration ("PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:) to access to ovirt console. => engine-setup --offline 2. hosts certificate expiration? => https://access.redhat.com/solutions/3532921 <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Faccess.... I also wrote a playbook to do so there: https://galaxy.ansible.com/natman/ovirt_renew_certs <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgalaxy.... In this case, don't forget to renew certificate with UI (into maintenance) when host is reponding, otherwise you may enconter issues with console or live migration or other SSL related stuff. tested and approved. Le 16/06/2022 à 12:34, Marko Vrgotic a écrit : Dear oVirt, The oVirt SSL certificated were changed to one-year renewal and we have a problem now. We are running 4.4.x version with SHE on local storage cluster and we have four more local storage clusters. One the cluster running SHE, the engine and host certificates have expired. We found the procedure for renewal prior to expiration, but we do not have a mnual one, required once certificates have expired. Would you be so kind to share the manual or steps needed to fix our oVirt setup. Thank you in advance. ----- kind regards/met vriendelijke groeten Marko Vrgotic Sr. System Engineer @ System Administration ActiveVideo *o: *+31 (35) 6774131 *m: +*31 (65) 5734174 *e:*m.vrgotic@activevideo.com <mailto:m.vrgotic@activevideo.com> *w: *www.activevideo.com <http://www.activevideo.com> ActiveVideo Networks BV. Mediacentrum 3745 Joop van den Endeplein 1.1217 WJ Hilversum, The Netherlands. The information contained in this message may be legally privileged and confidential. It is intended to be read only by the individual or entity to whom it is addressed or by their designee. If the reader of this message is not the intended recipient, you are on notice that any distribution of this message, in any form, is strictly prohibited.  If you have received this message in error, please immediately notify the sender and/or ActiveVideo Networks, LLC by telephone at +1 408.931.9200 and delete or destroy any copy of this message. _______________________________________________ Users mailing list --users(a)ovirt.org To unsubscribe send an email tousers-leave(a)ovirt.org Privacy Statement:https://www.ovirt.org/privacy-policy.html <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi... oVirt Code of Conduct:https://www.ovirt.org/community/about/community-guidelines/ <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ovi... List Archives:https://lists.ovirt.org/archives/list/users@ovirt.org/message/5L... <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.o... -- Nathanaël Blanchet Supervision réseau SIRE 227 avenue Professeur-Jean-Louis-Viala 34193 MONTPELLIER CEDEX 5 Tél. 33 (0)4 67 54 84 55 Fax  33 (0)4 67 54 84 14 blanchet(a)abes.fr