[OSSM] How to renew and redeploy logging certificates for Service Mesh elasticsearch instance

Solution Verified - Updated -

Issue

  • Elasticsearch pods fail Readiness probe.
Readiness probe failed: Elasticsearch node is not ready to accept HTTP requests yet [response code: 503]

  • jaeger-query and jaeger-collector pods in CrashLoopBackOff state.

  • Elasticsearch containers in the elasticsearch pods indicates validity check fail output.

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
Caused by: java.security.cert.CertPathValidatorException: validity check failed
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Jul 21 08:37:34 UTC 2023

Environment

  • Red Hat OpenShift Container Platform
    • 4.10+
  • Red Hat OpenShift Service Mesh
    • 2.0-2.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content