You can renew both internal and external certificates after expiration.
Log in to the master node.
Change to the following directory:
cd <k8s_HOME>
For example:
cd /opt/arcsight/kubernetes
(Conditional) For an internal certificate, complete the following steps:
To generate new client.crt, client.key and server.crt certificates, run the following command:
./scripts/renewCert --renew -V 365 -t internal
(Conditional) If you have multiple master nodes, run the following command on all the master nodes:
./scripts/renewCert --renew -t internal
(Conditional) For external certificates, run the following command:
To generate new external self-signed certificates:
./scripts/renewCert --renew -t external
To generate the external custom self-signed certificates:
./scripts/renewCert --renew -t external --tls-cert /<cert file directory>/<cert file> --tls-key <private key directory>/<private key> [--tls-cacert <CA cert directory>/<CA cert file>]