Hi, I created a delivery service and later on realized it is in the wrong CDN. I then changed the CDN. The ssl-keys record in the riak kept referring to the old CDN, even if I generated new certificates. Traffic router was therefore unable to pull the certificate.
See issue 1847 <https://github.com/apache/incubator-trafficcontrol/issues/1847> A fix to this issue can be done by changing the code so the record in the Riak is updated along with the DS update. However, this does not really make sense - if the CDN has changed, the domain usually changes as well and the certificate is no longer valid. Therefore, I suggest to entirely block DS CDN change [see https://github.com/apache/incubator-trafficcontrol/pull/1872] . Additionally, I added a PR for ssl-keys deletion up-on DS deletion, so deleting the DS and recreating it would not cause similar issues. Would appreciate community input for other alternatives. Thanks, Nir