Foreman migration to new domain without replacing client certs

We need to move our foreman to a new domain. However, we’d like to do that without regenerating all client certificates.

I have successfully set up a new server, migrated the database and the certificates, but the clients won’t accept the server certificate anymore, because obviously it’s coming from a different domain.

The way I understand it it should be possible to create a new server certificate for the new domain from the old CA, and this would be accepted by the clients since it now matches the domain properly, and is issued by the same CA as they were.
I’m not 100% sure about this. SSL is a book on which I barely scratched the first seal, and it seems to have a couple dozens of it, so stop me right here if I’m wrong.

If what I’m intending here should be possible, however, could somebody tell me how to do that in foreman? I tried to making a new smart proxy, but that didn’t yield a certfiicate. I tried regenerating the smart-proxy cert as described here (first answer), but apparently I don’t even have that command (installed via foreman-installer, maybe there’s a difference…?).
Maybe I’m getting the concept of a smart proxy wrong and that’s not even what I should be generating a new certificate for.
As you can see, I have only half an idea of what I’m doing, so your help would be very appreciated!

Did some more digging. I realized that there was in fact a certificate generated for the new smart proxy, and I made sure that the CN is correct. I updated a node configuration to use that proxy, but when I run the agent on that node, it still receives the same old certificate. Can somebody tell me why that is?