re-deploying a new SSL cert

[aterreno]

Hi, first of all, congrats with concourse-up, it's brilliant software, infrastructure built as it should be.

We are in a bit of an awkward situation, I've created the cluster with a wrong certificate, which is expired now and I'd like to replace it with a new one.

Ideally, I'd use the AWS one, but as I read here https://github.com/EngineerBetter/concourse-up/issues/24 it's not straightforward, so I am fine creating a new one with let's encrypt or use a self-signed.

But how? Do I have to tear down the whole thing and start it again?

Will I have to setup again all the pipelines or there's a way to just tear down the web worker?

Thanks, and sorry if I missed some docs explaining this, please point me to those!

[peterellisjones]

Hi @aterreno it should just be a case of running the deploy command again with the same flags you used last time, but add in the flags --tls-cert, --tls-key (these should be the actual strings, rather than paths to files eg --tls-cert "$(cat cert.pem)") and --domain. BOSH will update the deployment with the new configuration

[aterreno]

Thanks for the quick reply @peterellisjones - Embarrassingly simple to solve, I didn't put between quotes the $(cat cert.pem) and I was getting weird errors around S3 Buckets naming!