How to renew or recreate a node's certificate in OpenShift 4.x

Solution Verified - Updated -


  • Only one node is not working, with a "NotReady" status;
  • Kubelet service log shows lots of messages:

    Unable to authenticate the request due to an error: x509: certificate signed by unknown authority

  • Expired or mismatched node certificates, but there are no Pending CSRs

  • How do I redeploy node certificates or do TLS bootstrapping?


  • Red Hat OpenShift Container Platform (RHOCP) 4.x
