Note: The above is an example, your certificates might be in a different location.
Backup the certificate and key file as found in the above configuration file
Obtain a renewed certificate and associated key and copy the files into the same location, giving them the same names. Note: Alternatively you may relocate the files elsewhere as long as the entries above point to the correct place.
Verify that the raas user owns these files and they have permissions 600 (or -rw------- ).
Verify that the raas user can access the files if parent directories have differing permissions.
Restart the SSE server
systemctl restart raas
Wait a few seconds, then verify that SSE is up and running.
systemctl status raas
Visit the Aria Automation Config URL in your browser to verify that the webserver is serving content. Using your browser's tools, check the details on the certificate being served to validate that it is the expected certificate with the desired expiration date.
If the used Certificate Authority to sign the new certificate is different to the known Certificate Authority of the connected salt-master server then also import the certificate of the used Certificate Authority to each connected salt-master server. e.g: Making CA certificates available to Linux command-line tools