Streams for Apache Kafka pods were restarted repeatedly due to: No CA found


Issue

Streams for Apache Kafka pods were restarted repeatedly due to: No CA found
All the brokers in my Kafka cluster cannot work, and clients cannot connect to the Kafka cluster. Errors in the ZooKeeper pods:

2025-03-21 02:45:52 ERROR NetworkClient:764 - [AdminClient clientId=adminclient-35060] Connection to node 0 (my-cluster-kafka-0.my-cluster-kafka-brokers.amq-stream.svc/10.135.8.153:9091) failed authentication due to: SSL handshake failed,amq-stream,strimzi-cluster-operator

...
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Mar 20 23:11:12 GMT 2025,amq-stream,strimzi-cluster-operator

On the Kafka brokers, the information is as below:

Detected Zookeeper ID 1
Preparing truststore
Adding /opt/kafka/cluster-ca-certs/ca.crt to truststore /tmp/zookeeper/cluster.truststore.p12 with alias ca
Certificate was added to keystore
Preparing truststore is complete
Looking for the right CA
No CA found. Thus exiting.

How to resolve it? And why is the certificate not renewed automatically?

Environment

Streams for Apache Kafka 2.X
