My SSL certificate is about to expire if I update my SSL certificate will my users be required to trust a new host key?
A host key is a cryptographic key used for authenticating computers in the SSH protocol.
Host keys are key pairs, typically using the RSA, DSA, or ECDSA algorithms. Public host keys are stored on and/or distributed to SSH clients, and private keys are stored on SSH servers.
Your SSH host key is generated from your SSL certificate and private key. If you generate a new CSR and private key (also called rekeying) when you renew the SSH host key and private key will also change. This will require your clients to trust the new key.
However, many/most CAs will allow reissuing a renewal certificate without rekeying. They simply generate a new SSL certificate with the updated expiration date that still contains the original public key. When you renew that way, the underlying keys don't change.
In this scenario, you just renew your SSL public certificate, then download the certificate from the CA and update it in Cerberus. You don't touch the private key at all (since it hasn't changed). Your SSL certificate will be renewed but your SSH host key will remain unchanged.