Unable to connect to the server: x509: certificate has expired or is not yet valid
search cancel

Unable to connect to the server: x509: certificate has expired or is not yet valid

book

Article ID: 232693

calendar_today

Updated On:

Products

DX Operational Intelligence DX Operational Observability DX Application Performance Management

Issue/Introduction

When we check kubernetes it is showing below error. 

Unable to connect to the server: x509: certificate has expired or is not yet valid

Checked the certificates and they are indeed expired:

# find /etc/kubernetes/pki/ -type f -name "*.crt" -print|egrep -v 'ca.crt$'|xargs -L 1 -t -i bash -c 'openssl x509 -noout -text -in {}|grep After'

bash -c openssl x509 -noout -text -in /###crt|grep After
Not After : Jan 13 18:37:22 2022 GMT

Environment

  • DX O2 On-premise *
  • DX Platform 23.*

Cause

When kubernetes was installed, the self-signed certificates were created with a short duration (documentation mentions 500 days)

Resolution

Followed the belw steps to renew the certificates in Kb8 ( if you are on K8s 1.17.9 or above):

1) make sure you take a copy of all the crt files as well as these:

   /etc/kubernetes/admin.conf
   ~/.kube/config/admin.conf

2) run these commands

   kubeadm alpha certs check-expiration
   kubeadm alpha certs renew all

3) copy /etc/kubernetes/admin.conf to your ~/.kube/config

Powered by Wolken Software