cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

We are seeing that the SSL certificate of the cluster hosts expire in a few days.

jose-antonio_ra
Inactive

Hi all.

We have a doubt. We are seeing that the SSL certificate of the cluster hosts expire in a few days.


What does it affect if it expires?

Can monitoring data be lost?

Or Is it renewed automatically?

Is there anything we should keep in mind before the expiration date?


Thanks in advance.

Jose A


8 REPLIES 8

Radoslaw_Szulgo
Dynatrace Leader
Dynatrace Leader

Certificate should be automatically renewed. I'll check the details and update you on that.

If a certificate expired you will see the warning in the browser when accessing UI. Monitoring should not be affected.


Technical Product Manager,
Dynatrace Managed expert

Thanks you Radoslaw.

Can you confirm the automatic renewal?

Is there any way to renew it manually before it expires? and thus avoid problems...


Regards


Dynatrace by default uses certificates from Letsencrypt, unless you are using your own certs. They are normally valid for 3 months. I think the renewal process starts about a week before the expiration.

You don't need to worry about that. Unless you lose the connectivity to mission control, the certificates will be renewed automatically.


It expires on October 26th - which is in 1.5 month ahead. Certificate will be refreshed 14 days before an expiration time.


Technical Product Manager,
Dynatrace Managed expert

Ah and there's no way to refresh that manually.


Technical Product Manager,
Dynatrace Managed expert

Actually there is 🙂 You need to disable and then re-enable the certificate management. New certificates will be generated. However, this may result in broken communication (for UI clients) during the time the certificate management is disabled (selfsign certificate will be used as far as I remember unless you specify your own one).
So this is definitely not a recommended way to do refresh certificates.


I'm afraid that is not true. When you do it like that, the previous certs (actually keystore) are reverted.
Technical Product Manager,
Dynatrace Managed expert

Last time I've tried this the certs were regenerated. But it could be a coincidence anyway.