Cert-manager: Generate a new cert
/kind feature
Hi. I didn't found a command or something else in the documentation about this.
Is it possible to regenerate a certification with a CLI command?
By default, certificate are provided for 3 months. But how to do if we want to regenerate the next rotation before the end? For testing or prevent a vacation for example.
Thank you
julien-hedoux
All 2 comments
This happens automatically, currently for lets encrypt the certificate is valid for 3 months as you said, cert-manager will automatically attempt renew it if it is within 1 month of its expiration. So basically you should expect to see it be renewed every 2 months.
If you want to force a renew for testing, it is a simple as deleting the TLS secret that holds the issued certificate. Cert-manager will detect this and get a new certificate for you. I usually just do this from the kubernetes dashboard, but you can use kubectl if you want a CLI command. If you do this, be careful you dont accidentally hit the rate limits.
Queuecumber
on 23 Aug 2018
ok. Thank you.
julien-hedoux
on 25 Aug 2018
Related issues
Azylog
路
3Comments
munnerz
路
4Comments
gaieges
路
3Comments
howardjohn
路
3Comments
jakubknejzlik
路
3Comments
Most helpful comment
This happens automatically, currently for lets encrypt the certificate is valid for 3 months as you said, cert-manager will automatically attempt renew it if it is within 1 month of its expiration. So basically you should expect to see it be renewed every 2 months.
If you want to force a renew for testing, it is a simple as deleting the TLS secret that holds the issued certificate. Cert-manager will detect this and get a new certificate for you. I usually just do this from the kubernetes dashboard, but you can use kubectl if you want a CLI command. If you do this, be careful you dont accidentally hit the rate limits.