Closed ramonskie closed 5 years ago
All certs that need to be renewed: /credhub_ca /credhub_tls /vault-proxy_tls: //nats_clients_director_tls /nats_ca /nats_clients_health_monitor_tls /nats_server_tls /mbus_bootstrap_ssl /atc_ssl /blobstore_ca /blobstore_server_tls /director_ssl /token_signing_key /uaa_jwt_signing_key /worker_key /uaa_ssl /uaa_service_provider_ssl /tsa_host_key
After renewing the certs, all BOSH-created VMs are in a flux state due to the fact that the agent cannot connect with NATS due to the changed certificates.
On each deployment a bosh cck -d YourDeployment
should be run.
The ability to recreate expired certificates. It should be as simple as updating the state/creds.yml
echo "$(bosh int state/creds.yml -o <(echo -e "- type: remove\n  path: /credhub_ca"))" > state/creds.yml
bucc up
something like this
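The one-liner above leaves state/creds.yml nearly empty if bosh int fails. The following is an added example, not code from the issue or from the BUCC project, that removes several entries in one pass and only replaces the file when interpolation succeeded. The function names make_remove_ops and remove_creds are hypothetical, and the bosh CLI is assumed to be on PATH.

```bash
#!/usr/bin/env bash
# Added example (not project code): drop selected variables from creds.yml
# so that the next "bucc up" regenerates them.

# Emit a BOSH ops file with one "remove" operation per variable path.
make_remove_ops() {
  local p
  for p in "$@"; do
    printf -- '- type: remove\n  path: %s\n' "$p"
  done
}

# remove_creds <creds-file> <path>...
# Writes the interpolated result to a temp file first (mktemp creates it
# with mode 0600, which matters because creds.yml holds private keys),
# then swaps it in only if bosh int succeeded and produced output.
remove_creds() {
  local creds=$1 ops tmp
  shift
  ops=$(mktemp) || return 1
  tmp=$(mktemp) || { rm -f "$ops"; return 1; }
  make_remove_ops "$@" > "$ops"
  if bosh int "$creds" -o "$ops" > "$tmp" && [ -s "$tmp" ]; then
    # Keep the previous secrets as a backup; delete it once the
    # environment is healthy again.
    cp -p "$creds" "$creds.bak" && mv "$tmp" "$creds"
  else
    echo "bosh int failed; $creds left unchanged" >&2
    rm -f "$tmp" "$ops"
    return 1
  fi
  rm -f "$ops"
}

# Usage, with the commands from the issue:
#   remove_creds state/creds.yml /credhub_ca /credhub_tls && bucc up
#   bosh cck -d YourDeployment    # repeat for each deployment
```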