This message was deleted.
# rke2a
adamant-kite-43734
03/31/2023, 3:23 PMThis message was deleted.
h
hundreds-evening-84071
03/31/2023, 3:29 PMIf you created this cluster from Rancher UI, then you can rotate certs from Cluster Management screen.
If not, then I believe reboot of node (or restart rke2 service) can rotate cert - but i am not 100% sure on this.
hundreds-evening-84071
03/31/2023, 3:30 PMactually here you go: https://docs.rke2.io/advanced?_highlight=rotate#certificate-rotation
h
hundreds-airport-66196
03/31/2023, 3:31 PMYeah, thats what we tried. But rke2 v1.21.5+rke2r1 does not support that
c
creamy-pencil-82913
03/31/2023, 4:31 PMYou can wait for the certificates to be within 90 days of expiring, or you can upgrade.
h
hundreds-airport-66196
03/31/2023, 4:32 PMI think it already expired. You mean upgrade to v1.21.8+rke2r1? Will restarting the server create a new certificate in /etc/rancher/rke2/rke2.yaml?
c
creamy-pencil-82913
03/31/2023, 4:34 PMCertificates should auto-renew during startup of the rke2 service when they are expired or about to expire. If you're on a version affected by an issue that prevents that from occurring, you should upgrade.
creamy-pencil-82913
03/31/2023, 4:35 PMManual certificate rotation should never be necessary, it's for folks that want to do rotations on an ad-hoc basis for whatever reason
h
hundreds-airport-66196
03/31/2023, 5:11 PMThanks !
11 Views