Hello, It sort of worked and I have the server up, but the host is showing as “Unsecure” and when I try and provision the keys I can see this in the log
2025-07-27 15:35:47,383 WARN [cloud.agent.Agent] (CertificateRenewalTask-1:[])
(logid:) Failed to execute post certificate renewal command:
java.lang.IllegalStateException: Shutdown in progress
at
java.base/java.lang.ApplicationShutdownHooks.remove(ApplicationShutdownHooks.java:82)
at java.base/java.lang.Runtime.removeShutdownHook(Runtime.java:245)
at
com.cloud.agent.Agent$PostCertificateRenewalTask.runInContext(Agent.java:1268)
at
org.apache.cloudstack.managed.context.ManagedContextTimerTask$1.runInContext(ManagedContextTimerTask.java:30)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable$1.run(ManagedContextRunnable.java:49)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext$1.call(DefaultManagedContext.java:56)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.callWithContext(DefaultManagedContext.java:103)
at
org.apache.cloudstack.managed.context.impl.DefaultManagedContext.runWithContext(DefaultManagedContext.java:53)
at
org.apache.cloudstack.managed.context.ManagedContextRunnable.run(ManagedContextRunnable.java:46)
at
org.apache.cloudstack.managed.context.ManagedContextTimerTask.run(ManagedContextTimerTask.java:32)
at
java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
Is there anyway to reset the certificates so they can be reissued cleanly ?
> On 26 Jul 2025, at 11:26, DaanHoogland (via GitHub) <[email protected]> wrote:
>
>
> GitHub user DaanHoogland added a comment to the discussion: Replace server
> identity
>
> @nlindblo , I think you can do a 1o1 replacement if all IP addresses,
> hostname and the OS (version) etc are the same. I can only think of any
> hardware mac-addresses that might be a problem but I don’t think these are
> recorded for hosts. In my environment those are just zeros for any hosts that
> are not system VMs. You can check that to be sure.
>
> GitHub link:
> https://github.com/apache/cloudstack/discussions/11296#discussioncomment-13895513
>
> ----
> This is an automatically sent email for [email protected].
> To unsubscribe, please send an email to:
> [email protected]
>
smime.p7s
Description: S/MIME cryptographic signature
