Skip to content

Instantly share code, notes, and snippets.

@swagfin

swagfin/how-to-re-generate-k8s-ssl-certificates.md

Last active April 2, 2025 21:15
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save swagfin/fff37060564139d9c487e9808f168216 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save swagfin/fff37060564139d9c487e9808f168216 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
how-to-re-generate-k8s-ssl-certificates.md

How to re-generate K8s SSL Certificates on MicroK8s

Issue

You might encounter the following error when you the IP addresses is changed on the host machine:

Unable to connect to the server: x509: certificate is valid for <internal IPs>, not <external IP>

Solution

To resolve this issue, you need to modify the certificate signing request (CSR) template to include the missing IP address.

Edit the CSR template

nano /var/snap/microk8s/current/certs/csr.conf.template

then your Internal and External IP addresses if not already existing

DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster
DNS.5 = kubernetes.default.svc.cluster.local
IP.1 = 127.0.0.1
IP.2 = <internal IP address>
IP.3 = <external IP address>

Re-generate SSL Certificates

Run the following commands to re-generate the SSL certificates:

sudo microk8s refresh-certs --cert ca.crt
sudo microk8s refresh-certs --cert front-proxy-client.crt
sudo microk8s refresh-certs --cert server.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment