cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

We are seeing that the SSL certificate of the cluster hosts expire in a few days.

jose-antonio_ra
Inactive

Hi all.

We have a doubt. We are seeing that the SSL certificate of the cluster hosts expire in a few days.


What does it affect if it expires?

Can monitoring data be lost?

Or Is it renewed automatically?

Is there anything we should keep in mind before the expiration date?


Thanks in advance.

Jose A


8 REPLIES 8

Radoslaw_Szulgo
Dynatrace Guru
Dynatrace Guru

Certificate should be automatically renewed. I'll check the details and update you on that.

If a certificate expired you will see the warning in the browser when accessing UI. Monitoring should not be affected.


Senior Product Manager,
Dynatrace Managed expert

Thanks you Radoslaw.

Can you confirm the automatic renewal?

Is there any way to renew it manually before it expires? and thus avoid problems...


Regards


Dynatrace by default uses certificates from Letsencrypt, unless you are using your own certs. They are normally valid for 3 months. I think the renewal process starts about a week before the expiration.

You don't need to worry about that. Unless you lose the connectivity to mission control, the certificates will be renewed automatically.


Certified Dynatrace Master | TEMPEST a.s., Slovakia, Dynatrace Master Partner

It expires on October 26th - which is in 1.5 month ahead. Certificate will be refreshed 14 days before an expiration time.


Senior Product Manager,
Dynatrace Managed expert

Ah and there's no way to refresh that manually.


Senior Product Manager,
Dynatrace Managed expert

Actually there is 🙂 You need to disable and then re-enable the certificate management. New certificates will be generated. However, this may result in broken communication (for UI clients) during the time the certificate management is disabled (selfsign certificate will be used as far as I remember unless you specify your own one).
So this is definitely not a recommended way to do refresh certificates.


Certified Dynatrace Master | TEMPEST a.s., Slovakia, Dynatrace Master Partner

I'm afraid that is not true. When you do it like that, the previous certs (actually keystore) are reverted.
Senior Product Manager,
Dynatrace Managed expert

Last time I've tried this the certs were regenerated. But it could be a coincidence anyway.


Certified Dynatrace Master | TEMPEST a.s., Slovakia, Dynatrace Master Partner