Changing domain leaves old certificate on credhub

[kurtmc]

I am working on migrating from concourse-up to control tower and a I want to do the following.

1. Leave my concourse-up deployment deployed at myconcourse.example.com
2. Deploy a new concourse using control-tower at myconcourse-v2.example.com
3. Migrate pipelines across one by one
4. Leave both running a while just to access logs and history
5. Delete the concourse-up deployment
6. Change the domain for the control-tower deployment to myconcourse.example.com

I think that there is a problem with set 6. I have experimented deploying with control-tower to a domain for example: mytest-v2.example.com and then changing the domain in the deploy script to mytest.example.com and running again.

This successfully runs and changes the domains but the certificate used by credhub is the old one. So I get errors like this in my resources:

Finding variable 'ssh-private-key': Get https://mytest.example.com:8844/info: x509: certificate is valid for mytest-v2.example.com, not mytest.example.com

[danyoung]

Thanks for making us aware of this @kurtmc - we'll take a look and update the guide as appropriate, to give guidance on certs.