Ops Manager reporting some on-demand service instances certificates expired
Article ID: 293667
Updated On:
Products
Operations Manager
Issue/Introduction
After reviewing the certificates using the BOSH API endpoint, there are bosh_dns client and server certificates listed as expired:
"/bosh_dns_health_server_tls" "/bosh_dns_health_client_tls" "/dns_api_server_tls" "/dns_api_client_tls"
After checking the credhub using How to login and access Credhub in Tanzu Application Service (TAS), it looks like all these certificates are already rotated and have a valid expiry dates.
Cause
This is issue is caused by the on-demand service-instance not being properly recreated after the rotation of certificates.
Environment
Product Version: 2.7
Resolution
Note: The steps below will cause some downtime on non-High Availability (HA) single node service-instances.
Recreate the on-demand service instance deployment using the latest manifest. To do this, follow these steps:
1. Download the manifest for the on-demand service instance:
bosh manifest download <service-instance-deployment> > <service-instance-deployment>.yaml
2. Recreate the deployment:
bosh deploy <service-instance-deployment>.yaml --recreate
Feedback
Yes
No
Powered by
