3.4. Renewing certificates before they expire
Red Hat Virtualization certificates now follow a standard 398 day lifetime and must be renewed once per year.
Do not let certificates expire. If they expire, the host and Manager stop responding, and recovery is an error-prone and time-consuming process.
Renew the host certificates:
- In the Administration Portal, click Compute → Hosts.
- Click Management → Maintenance and then click OK. The virtual machines should automatically migrate away from the host. If they are pinned or otherwise cannot be migrated, you must shut them down.
- When the host is in maintenance mode and there are no more virtual machines remaining on this host, click Installation → Enroll Certificate.
- When enrollment is complete, click Management → Activate.
Renew the Manager certificates:
Self-hosted engine only: log in to the host and put it in global maintenance mode.
# hosted-engine --set-maintenance --mode=global
Self-hosted engine and standalone Manager: log in to the Manager and run
# engine-setup --offline
engine-setupscript prompts you with configuration questions. Respond to the questions as appropriate or use an answers file.
Yesafter the following
Renew certificates? (Yes, No) [Yes]:
Self-hosted engine only: log in to the host and disable global maintenance mode:
# hosted-engine --set-maintenance --mode=none