On Fri, 9 Jun 2017, I wrote:
> In short, that didn't go particularly well at all, which in some
> me back to the original as-yet-unanswered deployment question:
> Is trying to do this with an external CA worth the pain?
Three attempts at this question, and zero answers...
Can I at least get a yes or no on whether external CA certificate renewal
has ever been tested when that certificate is nearing expiration?
I just duplicated last week's result using an earlier snapshot of the same
VM and a renewed CA cert with a 3-day validity. certmonger ignored every
other cert that it already renewed once with the original CA; whole system
is hosed after the original cert expires. It's probably possible to
recover by manually replacing every certificate, but I haven't had time to