Renewing SSL certs on 2.6 Containerized w/o running the installer?
I know what the official RH docs say, but I think it's dumb so I'm here to ask; Has anyone been able to replace tls files (cert and key) for certificate renewals on the containerize AAP 2.6 platform without running the installer?
I'm talking just the main platform url, the Gateway's url.
EDIT
In my environment, I created a SAN cert using LE to cover themain url and each hosts fqdn.. there were reasons at the time but honestly right now I can't remember. Regardless, specifying thesame cert for each role is supported.
So under /home/*aap_user*/aap/*role*/etc on all 8 hosts the custom cert exists as gateway.cert, tower.cert, pulp.cert and eda.cert. (.key files exist in the same place too)
EDIT2
The tasks named `tls.yml` for each Role simply copies the specified {{ role_tls_cert }} and {{role_tls_key }} from the src which would be. defined in the inventory file, to {{ role_conf_dir }}/role.cert (role.key)
So logically yes, putting hte two new files on each hosts Config directory (/home/aap_installer_user/aap/*role*/etc/name.cert and name.key) is def step 1. Well after backing up the existing files obviously, lol.
EDIT3
So edit2, then bounced all container services (under the user scope, my new cert in in play and all services are testing good.