How to renew an expired certificates in ARO?
Environment
- Azure Red Hat OpenShift 4 (ARO)
Issue
- ARO web console and command line are not accessible.
- Unable to login using
ocCLI due to the certificates are expired.
Resolution
- Check if the latest Azure CLI is being used.
- For managed domain renew certificates with the help of the below command.
$ az aro update
Diagnostic Steps
- Check if users are able to log in to the cluster.
$ oc login $apiServer -u kubeadmin -p <kubeadmin password>
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2022-11-04T09:45:51Z is after 2022-11-03T23:59:59Z
- Check the validity of the certificates.
$ echo -e "NAMESPACE\tNAME\tEXPIRY" && oc get secrets -A -o go-template='{{range .items}}{{if eq .type "kubernetes.io/tls"}}{{.metadata.namespace}}{{" "}}{{.metadata.name}}{{" "}}{{index .data "tls.crt"}}{{"\n"}}{{end}}{{end}}' | while read namespace name cert; do echo -en "$namespace\t$name\t"; echo $cert | base64 -d | openssl x509 -noout -enddate; done | column -t
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments