After renew the certs getting error in kube-apiserver pod logs : Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid #120890
Comments
k8s-ci-robot
added
needs-sig
|
This issue is currently awaiting triage. If a SIG or subproject determines this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/sig network |
k8s-ci-robot
added
sig/network
|
this topic is discussed here: #581 |
|
For Certificate Management with kubeadm refer below Check certificate expiration |
|
probably a setup problem. a better place to ask would be on the support channels. please see: /kind support |
k8s-ci-robot
added
the
kind/support
|
@neolit123: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What happened?
Certificates renewed with using this command: kubeadm alpha certs renew all
Kubernetes version: 1.19.0
My issue is after renewed kubernetes certificates
I'm getting x509 certificate has expired error in kube-apiserver pod logs
Restarted docker containerd & kubelet but still getting same issue in kube-apiserver pod logs
kubectl logs kube-apiserver -n kube-system
E0925 22:45:43.610253 1 authentication.go:53] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid: current time 2023-09-25T22:45:43Z is after 2023-09-25T12:10:16Z I0925 22:45:44.656413 1 client.go:360] parsed scheme: "passthrough" I0925 22:45:44.656478 1 passthrough.go:48] ccResolverWrapper: sending update to cc: {[{https://127.0.0.1:2379/ 0 }] } I0925 22:45:44.656494 1 clientconn.go:948] ClientConn switching balancer to "pick_first" E0925 22:45:45.104633 1 authentication.go:53] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid: current time 2023-09-25T22:45:45Z is after 2023-09-25T12:10:15Z E0925 22:45:46.208945 1 authentication.go:53] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid: current time 2023-09-25T22:45:46Z is after 2023-09-25T12:10:16Z
What did you expect to happen?
its as to show apiserver logs as usual but its showing
"E0926 05:27:20.735229 1 authentication.go:53] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid: current time 2023-09-26T05:27:20Z is after 2023-09-25T12:10:16Z
I0926 05:27:21.802752 1 client.go:360] parsed scheme: "passthrough"
I0926 05:27:21.802824 1 passthrough.go:48] ccResolverWrapper: sending update to cc: {[{https://127.0.0.1:2379 0 }] }
I0926 05:27:21.802835 1 clientconn.go:948] ClientConn switching balancer to "pick_first"
E0926 05:27:22.129331 1 authentication.go:53] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid: current time 2023-09-26T05:27:22Z is after 2023-09-25T12:10:16Z
E0926 05:27:22.765121 1 authentication.go:53] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid: current time 2023-09-26T05:27:22Z is after 2023-09-25T12:10:15Z
E0926 05:27:22.900270 1 authentication.go:53] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid: current time 2023-09-26T05:27:22Z is after 2023-09-25T12:10:16Z
E0926 05:27:24.420903 1 authentication.go:53] Unable to authenticate the request due to an error: invalid bearer token
E0926 05:27:24.914140 1 authentication.go:53] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid: current time 2023-09-26T05:27:24Z is after 2023-09-25T12:10:16Z
E0926 05:27:25.070424 1 authentication.go:53] Unable to authenticate the request due to an error: invalid bearer token
E0926 05:27:25.495518 1 authentication.go:53] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid: current time 2023-09-26T05:27:25Z is after 2023-09-25T12:10:15Z
E0926 05:27:26.504174 1 authentication.go:53] Unable to authenticate the request due to an error: invalid bearer token"
How can we reproduce it (as minimally and precisely as possible)?
renew the certs and restart docker kubelet and check kube-apiserver pod logs
Anything else we need to know?
No response
Kubernetes version
single master cluster
kubernetes version v1.19.0
$ kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:30:33Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.0", GitCommit:"e19964183377d0ec2052d1f1fa930c4d7575bd50", GitTreeState:"clean", BuildDate:"2020-08-26T14:23:04Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Cloud provider
On-premises (private cloud)
OS version
The text was updated successfully, but these errors were encountered: