Hello,

first: thanks for this software - I really appreciate all the scripts provided!

From what I can tell, certificate renewals happen on the controller node with the key and CSR pre-existing on the TLS client hosts. I wonder what the recommended way is to rotate the latter? Should one manually keep track of renewals on the TLS client hosts or is there a way to initiate rotations as part of the renewal on the controller?

Cheers
Georg