Yes as long as you rerun engine-setup it should renew the internal CA and it's certs, even if you don't actually upgrade the engine.
-Patrick Hibbs On Fri, 2022-10-14 at 08:40 +0100, [email protected] wrote: > Thanks Patrick. > > We're not planning to upgrade the engine yet, would this solution > still > be valid if I re-run the engine-setup process without upgrading to > 4.5? > > Thanks again. > > El 2022-10-13 19:17, Patrick Hibbs escribió: > > Hello, > > > > That means the engine certificate signed by the internal engine CA > > is > > about to expire. (It's used to communicate with VDSM and VNC > > connections.) > > > > The engine should auto renew it during the next upgrade. If you > > have > > downtime, you can renew it manually by rerunning engine-setup on > > the > > engine host. > > > > The custom cert you give to apache is not affected by this renewal, > > but > > the engine will start having issues if it's internal cert isn't > > renewed. > > > > Do keep in mind that some users have reported having issues when > > renewing this cert, (engine-setup not actually renewing it > > properly, > > hosts loosing connectivity, etc.) so I would plan on there being a > > complete service interruption, e.g. all VMs inaccessible / down, > > during > > the renewal process. (Maybe do it over a weekend.) > > > > -Patrick Hibbs > > > > On Thu, 2022-10-13 at 11:14 +0100, [email protected] wrote: > > > Hi, > > > > > > I'm running oVirt 4.4 and recently I got a message in the events > > > list > > > like this: > > > > > > Engine's certification is about to expire at 2022-10-30. > > > Please > > > renew > > > the engine's certification. > > > > > > What does that exactly mean? And how can it be renewed? > > > > > > I'm using a custom TLS certificate both for web access and > > > websocket > > > proxy. Does it need to be renewed anyways? > > > > > > Thanks. > > > _______________________________________________ > > > Users mailing list -- [email protected] > > > To unsubscribe send an email to [email protected] > > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > > oVirt Code of Conduct: > > > https://www.ovirt.org/community/about/community-guidelines/ > > > List Archives: > > > https://lists.ovirt.org/archives/list/[email protected]/message/Y6VVJOL47YPYGNMXXWUK24F752PRKMLV/ > > > > _______________________________________________ > > Users mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > > Privacy Statement: https://www.ovirt.org/privacy-policy.html > > oVirt Code of Conduct: > > https://www.ovirt.org/community/about/community-guidelines/ > > List Archives: > > https://lists.ovirt.org/archives/list/[email protected]/message/SK4HD755QPUFVXOWPIJ56NMM5F65GP6N/ > _______________________________________________ > Users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/[email protected]/message/QM3CTGTR566MBD5HBMZKW4GR7NHWXWCQ/ _______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/7GEQ5GUWJUUZSNAZFBS4XUWUBUM4VJME/
