How to redeploy the default ingress certificate in OCP 4.X

Solution Verified - Updated -


  • Web console is not accessible due to the default ingress certificate is expired.
  • How to renew or regenerate the expired default ingress certificate.
  • The authentication operator is degraded with RouterCerts_InvalidServerCertRouterCerts and a cert expiry message.
  • Unable to login using CLI for certificate has expired:

    $ oc login -u kubeadmin
    error: x509: certificate has expired or is not yet valid: current time 2021-09-23T09:46:28+01:00 is after 2021-08-20T20:16:38Z


  • Red Hat OpenShift Container Platform
    • 4.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content