Forcing renewal of a cert in cert-manager

Had an issue with our DNS API key which blocked some certificates from renewing. I rotated the key but didn't know how long I would have to wait until it tried again. Found out that there is a command-line application for cert-manager where you can force an immediate update.

First install the tool cmctl. On my work Mac I just used brew: brew install cmctl

Then switch to the correct namespace where the certificate lives and run the tool:

$ kns some-name-space
$ k get certificates
NAME            READY   SECRET         AGE
some-cert-tls   True    some-cert-tls   61d

$ cmctl renew some-cert-tls

More info on the cmctl page.


You'll only receive email when they publish something new.

More from highteklowlife
All posts