Resetting Replicated SSL Certs?


#1

Good question came in the other day:

Is there any way to recreate SSL certs for replicated?

getting a

certificate is valid for x.x.x.x, not y.y.y.y

in the replicated log


#2

Some underlying infrastructure changes (like changing private IPs) may require replicated to re-sign or reset internal certificate PKI. You can force Replicated to regenerate some internal certificates in /var/lib/replicated/retraced/api:

mv /var/lib/replicated/retraced/api/server.crt /var/lib/replicated/retraced/api/server.crt.bak
mv /var/lib/replicated/retraced/api/server.key /var/lib/replicated/retraced/api/server.key.bak

#3

This doesn’t seem to be available:

# cd /var/lib/replicated/retraced/api
bash: cd: /var/lib/replicated/retraced/api: No such file or directory

# ls -al /var/lib/replicated/
total 12
drwxr-xr-x  3 root root 4096 Mar 30 17:28 .
drwxr-xr-x 39 root root 4096 Mar 30 17:28 ..
drwxr-xr-x  5 root root 4096 Mar 30 17:28 snapshots
#

#4

Jeff, it appears that you’re running on either the Swarm or Kubernetes schedulers. Swarm uses a named docker volume and Kubernetes a PVC rather than files directly on the host, and the easiest way to access the contents is to exec into the replicated container/pod and edit things from there.
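
An added example, not part of the thread: a way to confirm which IP addresses a certificate actually covers, before and after moving the files aside as described in #2. It assumes `openssl` 1.1.1 or later is available where the files are readable (on the host, or inside the replicated container/pod as in #4). The function names and the 10.0.0.x sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a certificate cover the IP a client is connecting to?
# Function names are hypothetical; the sample cert is constructed for the demo.

# cert_covers_ip CERT IP -> 0 if CERT is valid for IP, 1 if not, 2 if unreadable.
cert_covers_ip() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # openssl prints "IP <addr> does match certificate" or "... does NOT match ..."
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 |
        grep -q 'does match certificate'
}

# list_cert_ips CERT -> the IP subjectAltName entries, one per line.
list_cert_ips() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *IP Address://p'
}

# make_sample_cert DIR -> writes a throwaway self-signed server.crt/server.key
# whose only SAN is IP 10.0.0.5 (constructed sample, stands in for the old IP).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/server.key" -out "$1/server.crt" \
        -subj "/CN=constructed-sample" \
        -addext "subjectAltName=IP:10.0.0.5" 2>/dev/null
}

# Demo: 10.0.0.5 plays the old private IP, 10.0.0.9 the new one.
demo() {
    demo_dir="$(mktemp -d)"
    make_sample_cert "$demo_dir"
    echo "certificate IP SANs: $(list_cert_ips "$demo_dir/server.crt")"
    for demo_ip in 10.0.0.5 10.0.0.9; do
        if cert_covers_ip "$demo_dir/server.crt" "$demo_ip"; then
            echo "$demo_ip: covered"
        else
            echo "$demo_ip: NOT covered, certificate needs regenerating"
        fi
    done
    rm -rf "$demo_dir"
}
demo
```

Pointing `cert_covers_ip` at the real `server.crt` with the machine's current private IP shows whether the mismatch from #1 is still present after a reset.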