What is the nature and description of the request?

similar to how the installer has playbooks for backup and restore, there should be a playbook for replacing user-provided certificates and keys without having to re-run every installer task.

Why does the customer need this? (List the business requirements here)

the CA/Browser forum recently voted to reduce the maximum lifetime of public TLS certificates to 47 days in a phased approach over the next four years.  as such, customers using public certificates will need to replace their user-provided TLS certificates more often than in the past.  the current process for replacing TLS certificates for AAP is to re-run the installer, which takes much longer than it should need to just for replacing certificates.

How would you like to achieve this? (List the functional requirements here)

a playbook that ships with the installer would allow customers to replace their TLS certificates with minimal downtime, just enough to copy the new certs and keys into place and restart the relevant AAP services.