Hello here, does anybody know if the kube-apiserver server certificate should be automatically rotated in rancher? If so, any thoughts on what could cause it to not rotate? I have cluster run on a rancher console 2.5.8 and woke this morning to an error like this:

x509: certificate has expired or is not yet valid

. I was able to rotate the cert through UI, but I wonder what could have caused it to not rotate. This is a cluster provisioned through terraform.

Hey Abdoul, per the documentation it does seem that the certificates get generated but you have to manually rotate them via the UI - https://docs.ranchermanager.rancher.io/v2.5/how-to-guides/advanced-user-guides/manage-clusters/rotate-certificates

Yea @limited-pizza-33551. I did see that! What's not clicking for me is that I have a fleet of 20 clusters that I manage and this is the very first time I am having to do to rotate the kube-apiserver cert manually. Granted the cluster this happened on is low traffic and never had a scale up and down activity since creation. Do you know if certain operations such as adding or removing nodes for example can trigger the cert rotation?