Forcing renewal of a cert in cert-manager
June 3, 2024•106 words
Had an issue with our DNS API key which blocked some certificates from renewing. I rotated the key but didn't know how long I would have to wait until it tried again. Found out that there is a command-line application for cert-manager where you can force an immediate update.
First install the tool cmctl
. On my work Mac I just used brew: brew install cmctl
Then switch to the correct namespace where the certificate lives and run the tool:
$ kns some-name-space
$ k get certificates
NAME READY SECRET AGE
some-cert-tls True some-cert-tls 61d
$ cmctl renew some-cert-tls
More info on the cmctl page.