Good question came in the other day:
Is there anyway to recreate SSL certs for replicated?
getting a
certificate is valid for x.x.x.x, not y.y.y.yin the replicated log
Some underlying infrastructure changes (like changing private IPs) may require replicated to re-sign or reset internal certificate PKI. You can force Replicated to regenerate some internal certificates in /var/lib/replicated/retraced/api:
mv /var/lib/replicated/retraced/api/server.crt /var/lib/replicated/retraced/api/server.crt.bak
mv /var/lib/replicated/retraced/api/server.key /var/lib/replicated/retraced/api/server.key.bak
This doesn’t seem to be available:
# cd /var/lib/replicated/retraced/api
bash: cd: /var/lib/replicated/retraced/api: No such file or directory
# ls -al /var/lib/replicated/
total 12
drwxr-xr-x 3 root root 4096 Mar 30 17:28 .
drwxr-xr-x 39 root root 4096 Mar 30 17:28 ..
drwxr-xr-x 5 root root 4096 Mar 30 17:28 snapshots
#Jeff, it appears that you’re running on either the Swarm or Kubernetes schedulers. Swarm uses a named docker volume and Kubernetes a PVC rather than files directly on the host, and the easiest way to access the contents is to exec into the replicated container/pod and edit things from there.