#k3s

enough-carpet-20915

10/08/2022, 6:56 PM
admin@marge:~$ sudo k3s certificate rotate
INFO[0000] Server detected, rotating server certificates 
INFO[0000] Rotating certificates for admin service      
INFO[0000] Rotating certificates for etcd service       
INFO[0000] Rotating certificates for api-server service 
INFO[0000] Rotating certificates for controller-manager service 
INFO[0000] Rotating certificates for cloud-controller service 
INFO[0000] Rotating certificates for scheduler service  
INFO[0000] Rotating certificates for k3s-server service 
INFO[0000] Rotating dynamic listener certificate        
INFO[0000] Rotating certificates for k3s-controller service 
INFO[0000] Rotating certificates for auth-proxy service 
INFO[0000] Rotating certificates for kubelet service    
INFO[0000] Rotating certificates for kube-proxy service 
INFO[0000] Successfully backed up certificates for all services to path /var/lib/rancher/k3s/server/tls-1665255335, please restart k3s server or agent to rotate certificates 

admin@marge:~$ sudo diff -sr /var/lib/rancher/k3s/server/tls /var/lib/rancher/k3s/server/tls-1665255335/ | grep -i identical | awk '{print $2}' | xargs basename -a | awk 'BEGIN{print "Identical Files:  "}; {print $1}'
Identical Files:  
client-ca.crt
client-ca.key
dynamic-cert.json
peer-ca.crt
peer-ca.key
server-ca.crt
server-ca.key
request-header-ca.crt
request-header-ca.key
server-ca.crt
server-ca.key
service.key
apiserver-loopback-client__.crt
apiserver-loopback-client__.key

cool-petabyte-32540

10/08/2022, 7:13 PM
Did you restart the k3s server or agent?

enough-carpet-20915

10/08/2022, 7:13 PM
Following those directions I shut down the server before running regenerate and started it back up after it was done
but it doesn't look like it's changing the certs
I don't even understand where these old certs are coming from. These are literally new machines.