Hi!
Afaik none of the certs that renew-crypto generates have to do with the exports, so rerunning renew crypto will probably not fix it. I assume er have the key size hard coded somewhere and it needs to be adapted. Do you mind filing a bug?
Cheers,
Helga
Because of logjam attack(https://weakdh.org/) - there must be generated dh params file: openssl dhparam -out dhparams.pem 2048 and then added to server.pem on every node: cat dhparams.pem >> /var/lib/ganeti/server.pem After adding dh to every node - import/export works fine.
====
But it doesn't work for me.
Has anybody success using this solution?