Resetting Replicated SSL Certs?


A good question came in the other day:

Is there any way to recreate SSL certs for replicated?

Getting a

certificate is valid for x.x.x.x, not y.y.y.y

in the replicated log.


Some underlying infrastructure changes (like changing private IPs) may require Replicated to re-sign or reset its internal certificate PKI. You can force Replicated to regenerate some of its internal certificates by moving the existing certificate and key in /var/lib/replicated/retraced/api out of the way:

mv /var/lib/replicated/retraced/api/server.crt /var/lib/replicated/retraced/api/server.crt.bak
mv /var/lib/replicated/retraced/api/server.key /var/lib/replicated/retraced/api/server.key.bak
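
A pre-check for the step above, as an added example (not Replicated's own tooling): it moves the certificate and key aside only when the certificate's subjectAltName does not list the host's current IP. `cert_covers_ip` and `rotate_if_stale` are hypothetical helper names, and the script assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example, not Replicated tooling. Helper names are hypothetical.
# Assumes the openssl CLI is installed.

# cert_covers_ip CERT IP
# Returns 0 if CERT lists IP in its subjectAltName, 1 if it does not,
# 2 if openssl could not read the certificate.
cert_covers_ip() {
    local out
    # -checkip reports the result as text, so match on the message
    # rather than relying on the exit status.
    out=$(openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null) || true
    case $out in
        *"does match certificate"*)     return 0 ;;
        *"does NOT match certificate"*) return 1 ;;
        *)                              return 2 ;;
    esac
}

# rotate_if_stale DIR IP
# Moves DIR/server.crt and DIR/server.key to *.bak only when the
# certificate does not cover IP. Prints kept, moved, missing or unreadable.
rotate_if_stale() {
    local dir ip rc
    dir=$1 ip=$2 rc=0
    [ -f "$dir/server.crt" ] || { echo missing; return 1; }
    cert_covers_ip "$dir/server.crt" "$ip" || rc=$?
    case $rc in
        0) echo kept ;;
        1) mv "$dir/server.crt" "$dir/server.crt.bak"
           [ ! -f "$dir/server.key" ] || mv "$dir/server.key" "$dir/server.key.bak"
           echo moved ;;
        *) echo unreadable; return 1 ;;  # leave a damaged file for manual review
    esac
}

# Usage: sh check.sh /var/lib/replicated/retraced/api <current-private-ip>
if [ "$#" -eq 2 ]; then
    rotate_if_stale "$1" "$2"
fi
```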