How to Renew SSL Certificates When They Expire in Microk8s
2023-08-21 10:08 (1 years ago)
ytyng
Here is the translation of the provided Japanese blog article into English:
When trying to operate Micro k8s (Kubernetes), you might encounter the following error:
Unable to connect to the server: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-08-21T09:52:50+09:00 is after 2023-08-19T07:31:15ZHere’s how to address this issue.
First, on the Kubernetes node, run sudo microk8s.refresh-certs -c:
$ sudo microk8s.refresh-certs -c
The CA certificate will expire in 3273 days.
The server certificate will expire in -2 days.
The front proxy client certificate will expire in -2 days.You can identify the expired certificates, and then update each certificate using sudo microk8s.refresh-certs.
$ sudo microk8s.refresh-certs --cert=front-proxy-client.crt
Taking a backup of the current certificates under /var/snap/microk8s/5625/certs-backup/
Creating new certificates
Signature ok
subject=CN = front-proxy-client
Getting CA Private Key
Restarting service kubelite.$ sudo microk8s.refresh-certs --cert=server.crt
Taking a backup of the current certificates under /var/snap/microk8s/5625/certs-backup/
Creating new certificates
Signature ok
subject=C = GB, ST = Canonical, L = Canonical, O = Canonical, OU = Canonical, CN = 127.0.0.1
Getting CA Private Key
Restarting service kubelite.
Restarting service cluster-agent.Verify the results:
$ sudo microk8s.refresh-certs -c
The CA certificate will expire in 3273 days.
The server certificate will expire in 364 days.
The front proxy client certificate will expire in 364 days.Since the validity is 364 days, it seems you’ll need to perform this procedure once a year.
Comments