
Replacing Certs

Let's Encrypt Certs

We need a valid cert for both the wildcard * and We have a role/task which covers the replacing of TLS certs on

A separate process requests certs from Let's Encrypt and stores the cacert/certs/key within the pkistore for

To deploy the certs to the cluster, we run the following playbook:


ansible-playbook playbooks/role-ocp-admin-node.yml --tags "tls, certs"
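
Before running the playbook it is worth confirming that the cacert/cert/key triple is consistent. The function below is an added example, not part of the original page or its Ansible role; the file paths and wildcard name are caller-supplied placeholders, and the CA file is assumed to hold the issuing chain.

```shell
#!/bin/sh
# Added example: pre-deployment check of a cacert/cert/key triple.
# All paths and the wildcard name are caller-supplied (hypothetical), not from the page.
# Usage: check_cert_bundle CACERT CERT KEY WILDCARD_NAME [MIN_DAYS]

check_cert_bundle() {
    cacert=$1 cert=$2 key=$3 wildcard=$4 min_days=${5:-14}

    for f in "$cacert" "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    done

    # 1. The key must be the private half of the certificate's public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "FAIL: cannot parse private key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key does not match cert"; return 1; }

    # 2. The certificate must stay valid for at least MIN_DAYS more days.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "FAIL: cert expires within $min_days days"; return 1; }

    # 3. The certificate must chain to the stored CA file. -partial_chain lets
    #    an intermediate-only CA file act as the trust anchor (assumption about
    #    what the cacert file contains).
    openssl verify -partial_chain -CAfile "$cacert" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: cert does not verify against $cacert"; return 1; }

    # 4. The wildcard name must appear as an exact SAN entry, not a substring.
    openssl x509 -in "$cert" -noout -text | grep 'DNS:' | tr ',' '\n' |
        sed 's/^[[:space:]]*//' | grep -Fqx "DNS:$wildcard" || {
        echo "FAIL: SAN does not contain $wildcard"; return 1; }

    echo "OK: bundle is consistent and covers $wildcard"
}
```

The function returns non-zero on the first failed check, so it can gate the `ansible-playbook` run in a wrapper script.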

Resources:

* [1] Certman Operator (looks like this requires HIVE [5] so not going to work)
* [2] Changing the cert in OCP4
* [3] RHMI SOP for manually replacing certs on 3.11 cluster, many steps similar:
* [4] Option Brian suggested:
* [5] HIVE