Description
Currently, once the cert is expired, the renewal tool is useless: the whole process relies on connecting to the other platform machines, and connections fail if the cert is not valid. So the only option left is doing it by hand.
Possible improvement that would allow generating the certificate itself: don't send a reboot order to all followers but only those with the `dns` role (so the local follower will be alright and the DNS challenge will work, unless there's a reg slave and it happens to receive the verification query).
For a real solution though: no way around allowing the bypassing of the Node.js certificate error (`CERT_HAS_EXPIRED`), e.g. by setting `rejectUnauthorized: false` in the request agent options, probably after showing the user the expired cert and asking for confirmation.
But: is it worth doing, and shouldn't we find a way to ensure certs don't expire instead?
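One way to keep the confirm-then-bypass idea above from turning into a blanket trust-everything switch, as an added example that is not the project's own code: accept only `CERT_HAS_EXPIRED`, and only for the exact certificate whose SHA-256 fingerprint the user confirmed. The function names and the sample certificate are hypothetical; `vetSocket` assumes it is given a `tls.connect` probe socket opened with `rejectUnauthorized: false`, after `secureConnect` and before any data is sent.

```javascript
// Summary line to show the operator before asking for confirmation.
function describeCert(cert) {
  const cn = (cert.subject && cert.subject.CN) || '(no CN)';
  return `${cn}, expired ${cert.valid_to}, SHA-256 ${cert.fingerprint256}`;
}

// Pure decision. state = { authorized, authorizationError, cert };
// confirmedFp = fingerprint256 the operator approved, or null if none yet.
function decideBypass(state, confirmedFp) {
  if (state.authorized) return { allow: true, reason: 'valid' };
  // Any other verification failure (unknown CA, self-signed, ...) stays fatal.
  if (state.authorizationError !== 'CERT_HAS_EXPIRED') {
    return { allow: false, reason: 'other-error:' + state.authorizationError };
  }
  if (!confirmedFp) {
    return { allow: false, reason: 'needs-confirmation', prompt: describeCert(state.cert) };
  }
  // Node skips its hostname check when chain verification fails, so the
  // bypass is pinned to the one certificate the operator actually saw.
  if (state.cert.fingerprint256 !== confirmedFp) {
    return { allow: false, reason: 'fingerprint-mismatch' };
  }
  return { allow: true, reason: 'expired-confirmed' };
}

// Apply the decision to a connected tls.TLSSocket; drop it when refused.
function vetSocket(socket, confirmedFp) {
  const decision = decideBypass({
    authorized: socket.authorized,
    authorizationError: socket.authorizationError,
    cert: socket.getPeerCertificate(),
  }, confirmedFp);
  if (!decision.allow) socket.destroy();
  return decision;
}

// Constructed sample certificate (not taken from any real platform).
const SAMPLE_CERT = {
  subject: { CN: 'platform.example' },
  valid_to: 'Jan  1 00:00:00 2024 GMT',
  fingerprint256: 'AA:BB:CC:DD',
};
```

The first probe returns `needs-confirmation` with the prompt text; once the user accepts, the same fingerprint is passed as `confirmedFp` for the renewal connections.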