This message was deleted.

Did you try going through your masters one at a time and doing a

systemctl restart rke2-server

? Maybe a stop, wait a minute, then start if restart doesn't work? Those are both static pods that are controlled by the rke2-server service, and in theory those get cycled when the service restarts (which a reboot should do too, but can't hurt to try explicitly). I know a node reboot will stop it and restart it, but sometimes a reboot ends up getting treated differently than a service restart.

yes, i have tried that on all 3 controller nodes. since i did not know if it would happen when one restarted one, or when all was restarted. but when that did not work. I did a rolling reboot of all nodes. have also tried to restart rke2-server on one of the rebooted controller nodes. but still Not After : Apr 25 181506 2023 GMT

@gray-lawyer-73831 Thanks, but unfortunately that was one of the first things i tried. The problem was that that method did not rotate those 2 certificates. kubernetes have to manage them, but it does not. i deleted the cert and key files and restarted the containers and they make new self signed certs. with this method : https://github.com/rancher/rancher/issues/41125#issuecomment-1506620040