This is an error that you might see once every 10 years, so it’s very likely you’ll forget the solution. The behavior is the following: When trying to do anything that interacts with API server you’ll get the following error:
boris@ubuntu:~$ microk8s kubectl get all --all-namespaces
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2020-05-03T23:53:06Z is after 2020-05-03T16:38:01Z
How to solve it?
Easy, just renew your certificates. But first, it’s a good idea to check expiration time of current installed certificates:
boris@ubuntu:~$ sudo microk8s.refresh-certs -c
The CA certificate will expire in 0 days.
Ok, we’re a bit out-of-date, let’s renew them:
boris@ubuntu:~$ sudo microk8s.refresh-certs -i
Backing up certificates under /var/snap/microk8s/1385/var/log/ca-backup/
Creating new certificates
Signature ok
subject=/C=GB/ST=Canonical/L=Canonical/O=Canonical/OU=Canonical/CN=127.0.0.1
Getting CA Private Key
Signature ok
subject=/CN=front-proxy-client
Getting CA Private Key
1
Creating new kubeconfig file
Stopped.
Started.
The CA certificates have been replaced. Kubernetes will restart the pods of your workloads.
Any worker nodes you may have in your cluster need to be removed and re-joined to become aware of the new CA.