Document URL: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.10/html/installing_satellite_server_from_a_connected_network/performing-additional-configuration#configuring-satellite-custom-server-certificate_satellite same for 6.11 and 6.12 Section Number and Name: In section 4.12 Describe the issue: Overall health check should be run to ensure hostname and other services etc are all in place before replacing the custom SSL certificates. Suggestions for improvement: Add a note to run #foreman-maintain health check before renewal of custom SSL certs. for 6.11 and 6.12 respectively. Additional information: If the hostname is not changed and is not uniform across all config files, installer fails and the only option is to rebuild from Scratch.
(In reply to Vedashree Deshpande from comment #0) > Overall health check should be run to ensure hostname and other services etc > are all in place before replacing the custom SSL certificates. This is not something we'll do, because the health check may fail due to expired certificates. The procedure to replace custom SSL certificates is then supposed to resolve that situation. Since foreman-installer 2.3.0 (IIRC that was Satellite 6.9) we do verify the certificates, regardless of which options were passed so they should always be checked. > Additional information: > If the hostname is not changed and is not uniform across all config files, > installer fails and the only option is to rebuild from Scratch. I don't understand this. Why is this? It should never be needed to rebuild from scratch because of incorrect configs: the installer is supposed to always write out the desired config, regardless of the current system state. I was going to close this as WONTFIX, but I'd first like to understand what made you think a rebuild from Scratch would be needed.