I think you've correctly identified the issue and solution. The SAS Secrets Manager (Vault) process has a CA with a certificate that expires earlier than the TTL for the new certificate it's trying to generate. The "renew-security-artifacts.yml" playbook should re-issue that CA certificate.

Renew Security Objects Using Ansible Plays (Linux Deployment): https://go.documentation.sas.com/doc/en/calcdc/3.5/calencryptmotion/n1xdqv1sezyrahn17erzcunxwix9.htm#p0vvrppsrlw0qmn1dkgvtksncr5c