Recovering from expired control plane certificates

This is from Red Hat Open Course Red Hat OpenShift Container Platform 4 Troubleshooting: Cluster Recovery

Firstly, I used a vm (classroom) to do

[user1@classroom ~]$ export KUBECONFIG=/home/user1/training1/auth/kubeconfig 
[user1@classroom ~]$ oc get nodes
Unable to connect to the server: x509: certificate has expired or is not yet valid

Then, I followed document to fix the problem and made sure that all CSRs are already approved.

But I still got the same error message when tried to oc get nodes from that vm.

I doubt whether using temporary kube-apiserver to approve CSRs has nothing to do with the original content of KUBECONFIG in tha vm at all?

If I would like to oc login to the cluster on that vm within valid certificate period, what should I do?