Redeploy node certificates in Openshift 3.10 and 3.11

Solution Verified - Updated -


  • I redeployed a new CA and the nodes are no longer in a Ready State.
  • How do I manually force new certificates to get created.
  • Nodes are failing to renew their certificate with the following error:
atomic-openshift-node[3715]: I0313 11:40:48.864375    3715 bootstrap.go:56] Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file
atomic-openshift-node[3715]: I0313 11:40:48.865525    3715 bootstrap.go:86] No valid private key and/or certificate found, reusing existing private key or creating a new one
atomic-openshift-node[3715]: F0313 11:40:48.893737    3715 server.go:262] failed to run Kubelet: cannot create certificate signing request: Unauthorized


  • OpenShift Enterprise Container Platform
    • 3.10
    • 3.11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In