This task replaces the identity file used throughout the cloud for TLS-encrypted communication, such as HTTPS.
You must replace TLS certificates before they expire.
identity_file The identity file consists of a public certificate, an optional signing certificate, and a private key that can be
encrypted. If the private key is encrypted, provide the correct password to decrypt it.
host_list This parameter specifies hosts to deploy the new identity file to. This parameter can be used to exclude offline hosts.
All hosts in the host_list must be running. To alter the TLS identity file when there are hosts that are not running,
specify a host_list that excludes those hosts.
Hosts that are excluded from the host_list do not receive the new identity files and are no longer able to communicate
with the cloud. Any hosts that are excluded from the host_list must have their identity files replaced manually.