ACME SSL certificate rotation not updated on HTTPS port

Zangetsu

I'm on ACOS 5.2.1-P6 using A10 ACME client to generate SSL cert/key pairs. No problem obtaining the files and applying these to templates. I then tested rotation using the "force" option. The new certificate was created and shows as "bound". However, the HTTPS port with associated client-ssl template is still using the old certificate testing from clients. I was hoping the new cert would go directly into service. Is this expected behavior from ACME cert rotation to avoid disruptions? Any recommendations to apply the new cert, or even better, to automate this step?

Zangetsu

At the time of this comment, TAC has confirmed the same result. The ACME client in ACOS obtains new SSL certs, but deployment must be done manually (e.g. remove the SSL cert in client-ssl template, apply/update, then re-add it).