Description of problem:
Unable to renew undercloud SSL certificate.

Version-Release number of selected component (if applicable):
instack-0.0.8-2.el7ost.noarch
instack-undercloud-2.2.7-4.el7ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. Generate self signed certificate according to the docs

    openssl genrsa -out privkey.pem 2048
    openssl req -new -x509 -key privkey.pem -out cacert.pem -days 365
    cat cacert.pem privkey.pem > undercloud.pem
    sudo mkdir /etc/pki/instack-certs
    sudo cp undercloud.pem /etc/pki/instack-certs
    sudo semanage fcontext -a -t etc_t "/etc/pki/instack-certs(/.*)?"
    sudo restorecon -R /etc/pki/instack-certs
    sudo cp cacert.pem /etc/pki/ca-trust/source/anchors/
    sudo update-ca-trust extract

2. Adjust undercloud.conf

    undercloud_service_certificate = /etc/pki/instack-certs/undercloud.pem

3. Install undercloud

    openstack undercloud install

4. Regenerate certificate

    openssl genrsa -out privkey.pem 2048
    openssl req -new -x509 -key privkey.pem -out cacert.pem -days 365
    cat cacert.pem privkey.pem > undercloud.pem
    sudo cp undercloud.pem /etc/pki/instack-certs
    sudo semanage fcontext -a -t etc_t "/etc/pki/instack-certs(/.*)?"
    sudo restorecon -R /etc/pki/instack-certs
    sudo cp cacert.pem /etc/pki/ca-trust/source/anchors/
    sudo update-ca-trust extract

5. Rerun undercloud install

    openstack undercloud install

Actual results:
Error: /Stage[main]/Swift::Keystone::Auth/Keystone::Resource::Service_identity[swift]/Keystone_user[swift]: Could not evaluate: Execution of '/bin/openstack token issue --format value' returned 1: SSL exception connecting to https://192.0.2.2:13000/v3/auth/tokens: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)

Expected results:
The installation completes successfully by reloading haproxy with the new certificate.

Additional info:
Workaround: Before step 5 run 'sudo systemctl restart haproxy'
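
A check for the condition this report describes, added here as an example and not part of the original report or of instack-undercloud: it compares the SHA-256 fingerprint of the certificate in the on-disk bundle with the one the endpoint actually presents, so a stale haproxy can be confirmed before rerunning the install. The function names and the `sample_pem` placeholder data are assumptions made for the example.

```python
import base64
import hashlib
import re
import ssl
import sys

CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def cert_fingerprint(pem_text):
    """SHA-256 hex digest of the first certificate block in pem_text.

    undercloud.pem is the certificate followed by the private key, so
    anything after the first certificate block is ignored.
    """
    match = CERT_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no certificate block found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(match.group(0))).hexdigest()


def served_pem(host, port):
    """Certificate the endpoint presents, fetched without verification
    (verification is the step that fails while haproxy holds the old one)."""
    return ssl.get_server_certificate((host, port))


def is_stale(bundle_text, served_text):
    """True when the endpoint presents a different certificate than the bundle."""
    return cert_fingerprint(bundle_text) != cert_fingerprint(served_text)


def sample_pem(payload, with_key=False):
    """Constructed placeholder PEM: the bytes are not a real certificate."""
    pem = ("-----BEGIN CERTIFICATE-----\n"
           + base64.encodebytes(payload).decode()
           + "-----END CERTIFICATE-----\n")
    if with_key:
        pem += ("-----BEGIN RSA PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n"
                "-----END RSA PRIVATE KEY-----\n")
    return pem


if __name__ == "__main__":
    if len(sys.argv) == 4:   # bundle path, host, port
        with open(sys.argv[1]) as fh:
            stale = is_stale(fh.read(), served_pem(sys.argv[2], int(sys.argv[3])))
    else:                    # offline demo on the constructed samples
        stale = is_stale(sample_pem(b"new", with_key=True), sample_pem(b"old"))
    print("stale certificate still served" if stale else "served certificate matches bundle")
```

With the values from this report, the arguments would be `/etc/pki/instack-certs/undercloud.pem 192.0.2.2 13000`; without arguments the script runs on the constructed samples only.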