Hi Our VDSM certs have expired, both hosts are unassigned and can't be put into maintenance from UI. vdsm-client is not working, times out even with --insecure flag. Does host and port need to be specified when run locally or should defaults work? Error in console events is: Get Host Capabilities Failed: PKIX path validation failed... I followed a RHV guide for this exact situation and generated new vdsm certificate using the ovirt-engine CA. The new cert seems identical to the old one, everything matches (algos, extensions, CA, CN, SAN etc) just new date. After restarting libvirtd and vdsmd on the host with new cert in place the host is still not reachable. However, error message is now slightly different: get Host Capabilities failed: Received fatal error: certificate_expired Cert was replaced in the following locations: /etc/pki/vdsm/certs/vdsmcert.pem /etc/pki/vdsm/libvirt-spice/server-cert.pem /etc/pki/libvirt/clientcert.pem Is there another location missing? What else can I try? All help appreciated in advance