What should I do to update the cert on the Satellite/Agent side?

Mysteoa · November 28, 2025, 2:28pm

Hello

Due to some circumstances, I have to migrate our Master setup to new OS/VM. The current masters are using icinga2 version2.13.2-1 on Centos8 and the new Masters are using version 2.15.0-1 on Ubuntu 22.04. I could not keep the Hostnames of the new servers the same as the old, so I would need to update the certificates on all satellites/Agents.

The configuration and zones will stay the same. I would only need to update the Master hostnames in zones.conf and update the certificate.Currently my safe bet is just to re run Node Wizard.

I’m looking if there is a faster way to do that with the commands like “pki request“ and/or “pki save-cert“. From looking at the documentation, I’m not able to fully understand how to use them.

rivad · November 28, 2025, 2:42pm

Well, you could keep the name in zones.conf even if the hostname / IP changes.

Mysteoa · November 28, 2025, 3:13pm

I didn’t fully understand I could do that. I did inherited the old system, the previous maintainer left the company. So this was my first time deploying a master setup.

rivad · November 28, 2025, 3:19pm

It isn’t recommended but a choice as you can define a Icinga internal name for the nodes in zones.conf independent from the network reality but this comes with all caveats that such a divergence could cause - more thinking required if you’re debugging and the like.