Hello,

I have read some posts about renewing ovirt CA on the engine when it has expired with engine-setup --offline, but nothing about renewing hosts certificates when they have expired.

In such a case, we can't interact anymore with hosts and vms are in an unknown state. The formal solution is to put the concerned host into maintenance and enroll certificate, but it implies to stop vms.

Here are some messages we can find

For those who are concerned, I wrote an ansible role following https://access.redhat.com/solutions/3532921

https://galaxy.ansible.com/natman/ovirt_renew_certs

Let me know if it fits to your needs.

-- 
Nathanaël Blanchet

Supervision réseau
SIRE
227 avenue Professeur-Jean-Louis-Viala
34193 MONTPELLIER CEDEX 5 	
Tél. 33 (0)4 67 54 84 55
Fax  33 (0)4 67 54 84 14
blanchet@abes.fr