30.1 Renewing Certificate Before Expiration

You can renew both internal and external certificates before expiration.

To renew certificates before expiration:

  1. Log in to the master node.

  2. Change to the directory:

    cd <k8s_HOME>

    By default, k8s_HOME is /opt/kubernetes.

  3. (Conditional) For internal certificate, run the following command to generate new certificate:

    ./scripts/renewCert --renew -t internal

    In a multi-node deployment, executing the above command automatically distributes the new certificate to all nodes in the cluster.

  4. (Conditional) For external certificate, run the following command to generate new certificate:

    ./scripts/renewCert --renew -t external