You can renew both internal and external certificates before expiration.
Log in to the master node.
Change to the following directory:
cd <k8s_HOME>
For example:
cd /opt/arcsight/kubernetes
(Conditional) For internal certificates, run the following command to generate new certificates:
./scripts/renewCert --renew -t internal
In a multi-node deployment, executing the above command automatically distributes the new certificates to all nodes in the cluster.
(Conditional) For external certificates, run the following command to generate new certificates:
./scripts/renewCert --renew -t external