/
LetsEncrypt manual certificate Renewals

LetsEncrypt manual certificate Renewals

Mar 28, 2019

Renewal of Lets Encrypt certificates, applicable when no auto renewals such as certbot / certmanager are being used.

Instructions

  1. Exec into running nginx pod and execute,

  2. Once command is successful, check for new certs, 

    • ls -lrt /etc/ssl/acme/$DOMAIN

  3. Reload nginx to pick up new certs and verify if domain reflects right certificates,

    • nginx -s reload

  4. Copy certs from pod

    1. kubectl cp nginx-2087212062-c67lk:/etc/ssl/acme/egov-micro-qa.egovernments.org/ ./certs-egov-micro-qa

  5. ssh to bastion node using the key file and ssh to minion nodes with admin user one-by-one

    1. ssh -i <KEY>.pem admin@<BASTION-IP> this is not accessible outside the egovernment network. Or need to whitelist the ip.

    2. scp to writable directory on the minion

    3. ssh to minion and sudo cp to /srv/acme/egov-micro-qa.egovernments.org directory

  6. Restart nginx pod to test to make sure everything is running ok



The entire process has been automated on the playground, use only for legacy deployments.

Related articles