Yes, that is the exact guide I followed.
I can now actually use vdsm-client on each host after cert swap but ovirt-engine still can't establish connection.

I had to manually generate the apache certs to get into the UI console at the beginning and that was successful.

Is there a specific cert that ovirt-engine uses for mTLS handshahe?

Did you also try these?

mgr cert expired https://access.redhat.com/solutions/4780411
host cert expired https://access.redhat.com/solutions/3532921
Another one for host cert expiration https://access.redhat.com/solutions/6215911
manually connect to guest VM  https://access.redhat.com/solutions/3830921

I refer to these to fix my certs. Not sure if you can find the useful info you want?

Patrick