当我们遇到证书过期,或者遇到下面的情况的时候,可能需要手动更换一下证书了
Unable to connect to the server: x509: certificate is valid for 10.43.0.1, 127.0.0.1, 192.168.0.2, not xxx 查看并备份当前证书 这里以 K3s 为例,原理和 K8s 完全相同
$ cd /var/lib/rancher/k3s/server/tls $ openssl x509 -noout -text -in serving-kube-apiserver.crt Certificate: Data: Version: 3 (0x2) Serial Number: 5436315453726641788 (0x4b71ac1a3257ce7c) Signature Algorithm: ecdsa-with-SHA256 Issuer: CN = k3s-server-ca@1640660897 Validity Not Before: Dec 28 03:08:17 2021 GMT Not After : Dec 28 03:08:17 2022 GMT Subject: CN = kube-apiserver Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit) pub: 04:53:50:c3:aa:83:af:d5:0c:13:a2:b4:55:09:28: de:c6:65:b3:62:e6:78:06:90:22:69:b3:42:b5:e2: 5f:ed:f2:7d:4c:bc:a0:bc:ea:b5:ee:82:5e:36:16: 65:ad:7e:03:e0:73:ef:f3:26:35:8f:2e:36:d8:cf: 6a:0e:70:f4:b8 ASN1 OID: prime256v1 NIST CURVE: P-256 X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Authority Key Identifier: keyid:CC:B5:B8:3B:36:D9:2D:F0:E1:E2:F0:01:C5:85:A2:69:ED:1C:19:BD X509v3 Subject Alternative Name: DNS:kubernetes, DNS:kubernetes....