How to renew lets encrypt certificate manually using cert manager

atish · June 15, 2023, 1:21pm

how i can renew my lets encrypt certificate for nginx ingress controller using cert manager. I wanted to renew the lets encrypt certificate before renewal time. Looking forward to hear back.

K8s Version: 1:23

The operating system my web server runs on is (include version): ubuntu

The version of my client is: cert manager

Status:
  Conditions:
    Last Transition Time:  2023-05-12T14:10:19Z
    Message:               Certificate is up to date and has not expired
    Observed Generation:   1
    Reason:                Ready
    Status:                True
    Type:                  Ready
  Not After:               2023-08-10T13:10:18Z
  Not Before:              2023-05-12T13:10:19Z
  Renewal Time:            2023-07-11T13:10:18Z
  Revision:                1
Events:                    <none>

here my expiry and renewal time. i wanted to renew it immediately. any speicifc command?

MikeMcQ · June 15, 2023, 1:48pm

You might want to check this about renewing at will:

griffin · June 15, 2023, 2:03pm

Just delete the certificate secret. cert-manager will immediately request a new certificate.

atish · June 15, 2023, 2:24pm

Hi griffin,

This will cause downtime. how i can renew it without downtime.

griffin · June 15, 2023, 2:43pm

It will not cause downtime. Certificates are cached in memory by the webserver instances. Once the new certificate secret has been created, the webserver instances will be gracefully reloaded to pickup the new certificate.

atish · June 15, 2023, 2:55pm

Thank you mike,

I hope cmctl command will work to renew it manually.

atish · June 15, 2023, 2:58pm

Thanks griffin,

The secret and certificate i wanted to renew is for nginx ingress controller not for webserver. I have doubt how it will cache. As deleting and creating need downtime and reosurce will not avl for that particular time

rg305 · June 15, 2023, 5:54pm

Where did you learn/read this?

griffin · June 16, 2023, 12:19am

I know it's for an ingress controller. When I said "webserver" I was really meaning nginx instance (or similar). Are you using ingress-nginx via helm?

griffin · June 16, 2023, 12:20am

Not unless you destroy your ingress instances in the process.

griffin · June 16, 2023, 12:22am

Yes, using cert-manager's CL tool will allow you to handle this more explicitly, per @MikeMcQ's good suggestion. I provided the quicker/dirtier approach I've used several times in my day job.

atish · June 16, 2023, 5:22am

yes. we are using helm for life cycle mgmt

atish · June 16, 2023, 5:23am

tysm @griffin for prompt response. Appreciate your suggestion.

atish · June 16, 2023, 5:25am

One more query. Does cert manager handle the renewal process of certificate automatically. based on the renewal time?

Not After: 2023-08-10T13:10:18Z

Not Before: 2023-05-12T13:10:19Z

Renewal Time: 2023-07-11T13:10:18Z

Revision: 1

Events:

griffin · June 16, 2023, 5:58am

Yes. 30 days (1/3 life remaining) prior

system · July 16, 2023, 5:59am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certbot cannot renew in k8s Help	5	582	September 23, 2023
More info on how the auto renewal works Help	3	639	September 30, 2020
AWS EKS Letsencrypt - ACME certificates expired and unable to renew automatically Help	2	908	August 5, 2023
Certificate renewal using cert-manager on kubernetes cluster Help	3	4065	January 22, 2020
Need help with cert renew and nginx server Server	9	3091	July 24, 2016

How to renew lets encrypt certificate manually using cert manager

Related topics