Re: Update expired orderer org admin certificate and orderer certs #fabric-questions #fabric-orderer #signcerts #fabric
1: In my situation I had all the certs expired, both admin (peer and orderers), TLS and MSP certs.
2: You need to sign with old certs in orderer tu run the update, if I recall correctly the ORDERER_GENERAL_AUTHENTICATION_NOEXPIRATIONCHECKS=true (in the docker compose file of the orderer) should get the job done --tlsHandshakeTimeShift x where x is an amount of time greater than the expired time, in your case should be > 1211h. Try with this and the update should run smoothly.
3: I wasn't sure about the cluster parameter, in any case they are well documented here: official documentation.
I set the parameteres in the docker compose yaml file for every orderer commenting out to disable the paramenter and restart with docker compose up