Currently I have 2 channels, 3 orderers with the TLS certs expired.
After that i restart the orderer and now I have:
Now, since ord1 & ord2 have expired certs i think i need the TimeShift, in fact they are able to reach consensus (I can pull the latest config block from the system channel).
But with this settings, certs of ord0 result not yet valid since ord1 & ord2 are in the past.
So I tried a different configuration just to see what happens:
ORD1 -> no timeshift set
ORD2 -> Stopped to not flood the logs of the others orderer
In this way on the system channel I can get the quorum using ord0 (new certs) and ord1 (expired). I think I got the procedure. But there is a thing that I'm not sure of:
Now I'm in a situation in which I'm able to get 2 orderers out of 3 to communicate thanks to the time shift parameter. If update all the orderers in the system channel with new certs i would have the system channel correctly configured and all the certs on the FS of the orderers updated.
Now the problem comes with the application channel "mychannel"
After udpating the system channel I have new certs in the FS of the orderers, but the update wouldn't be possible on mychannel because I have a mismatch between the certs on the FS and the certs on the config block of the channel, am I right?
So I should update a orderer at a time in every channel, that's what I'm considering