This message was deleted.
# generala
adamant-kite-43734
10/16/2023, 9:07 AMThis message was deleted.
l
lively-agent-17720
10/16/2023, 9:31 AMRancher version 2.6.8
lively-agent-17720
10/16/2023, 9:55 AMI can see for example that /var/lib/rancher/rke2/server/tls/client-kube-apiserver.crt => is expired
i
important-activity-72202
10/16/2023, 4:17 PMHi Sebastian, I am using RKE2 without rancher and certificates are renewed automatically during a node reboot.
important-activity-72202
10/16/2023, 4:20 PMThis is how I find expiration times of certificates:
Copy code
find /var/lib/rancher/rke2/server -name '*.crt' -exec openssl x509
-in {} -text \; | grep -iE 'subject:|Not After'important-activity-72202
10/16/2023, 4:22 PMTo be renewed during a reboot, the expiration time has to be nearer than 90 days.
c
creamy-pencil-82913
10/16/2023, 5:20 PMyes, just restart rke2 on the server nodes within 3 months of the certs expiring and they will be renewed.. If you’re keeping up with patches at all, this should not be a problem as you would be restarting the rke2 service to apply updates.